diff --git a/packagesNtApiDotNet.1.1.33/lib/net461/NtApiDotNet.xml b/packagesNtApiDotNet.1.1.33/lib/net461/NtApiDotNet.xml new file mode 100644 index 0000000..1f8091c --- /dev/null +++ b/packagesNtApiDotNet.1.1.33/lib/net461/NtApiDotNet.xml @@ -0,0 +1,51865 @@ + + + + NtApiDotNet + + + + + Result of an access check with specific access types. + + The access rights type, must be derived from an Enum. + + + + The NT status code from the access check. + + + + + The granted access mask from the check. + + + + + The granted access mapped to generic access mask. + + + + + The required privileges for this access. + + + + + The specific granted access mask from the check. + + + + + The specific granted access mapped to generic access mask. + + + + + Object type associated with the access. + + + + + The level of the object type if used. + + + + + Optional name for the object type. + + + + + When a result from an Audit Access Check indicates whether the + an audit needs to be generated on close. + + + + + Whether the access check was a success. + + + + + Get access check result as a specific access. + + The specific access results. + + + + Get access check result as a specific access. + + The specific access. + + + + Result of an access check. + + + + + Result of an access check with generic Enum access types. + + + + + Structure for an NT access mask. + + + + + The access mask's access bits. + + + + + Constructor. + + Access bits to use + + + + Implicit conversion from Int32. + + The access enumeration. + + + + Implicit conversion from UInt32. + + The access enumeration. + + + + Implicit conversion from enumerations. + + The access enumeration. + + + + Convert access mask to a generic access object. + + The generic access mask + + + + Convert access mask to a mandatory label policy + + The mandatory label policy + + + + Convert to a specific access right. + + The specific access right. + The converted value. + + + + Convert to a specific access right. + + The type of enumeration to convert to. + The converted value. + + + + Get whether this access mask is empty (i.e. it's 0) + + + + + Get whether this access mask has no access rights, i.e. not empty. + + + + + Get whether this access mask has generic access rights. + + + + + Get whether this access mask hash type specific access rights. + + + + + Get whether the current access mask is granted specific permissions. + + The access mask to check + True one or more access granted. + + + + Get whether the current access mask is granted all specific permissions. + + The access mask to check + True access all is granted. + + + + Bitwise AND operator. + + Access mask 1 + Access mask 2 + The new access mask. + + + + Bitwise OR operator. + + Access mask 1 + Access mask 2 + The new access mask. + + + + Bitwise AND operator. + + Access mask 1 + Access mask 2 + The new access mask. + + + + Bitwise OR operator. + + Access mask 1 + Access mask 2 + The new access mask. + + + + Equality operator. + + Access mask 1 + Access mask 2 + True if equal. + + + + Inequality operator. + + Access mask 1 + Access mask 2 + True if equal. + + + + Bitwise NOT operator. + + Access mask 1 + The new access mask. + + + + Overridden GetHashCode. + + The hash code. + + + + Overridden Equals. + + The object to compare against. + True if equal. + + + + Get an empty access mask. + + + + + Overridden ToString method. + + The access mask. + + + + ToString method. + + Format code for the access mask. + The formatting string. + + + + ToString method. + + Format code for the access mask. + The format provider. + The formatting string. + + + + Flags representing what generic access the entry maps to. + + + + + Not mapped to any access. + + + + + Mapped to read. + + + + + Mapped to write. + + + + + Mapped to execute. + + + + + Mapped to All. + + + + + A structure to hold an access mask to enum mapping. + + + + + The access mask. + + + + + The value of the access mask entry enumeration. + + + + + The generic access this maps to. + + + + + The optional SDK name. + + + + + Overridden ToString method. + + The string form of the entry. + + + + Class to represent an Access Control Entry (ACE) + + + + + Check if the ACE is an allowed ACE. + + + + + Check if the ACE is a denied ACE. + + + + + Check if the ACE is an Object ACE + + + + + Check if the ACE is a callback ACE + + + + + Check if ACE is a conditional ACE + + + + + Check if ACE is a resource attribute ACE. + + + + + Check if ACE is a mandatory label ACE. + + + + + Check if ACE is a compound ACE. + + + + + Check if ACE is an audit ACE. + + + + + Check if ACE is an access filter ACE. + + + + + Check if ACE is a process trust label ACE. + + + + + Check if ACE is a critical ACE. + + + + + Check if ACE is inherit only. + + + + + Check if ACE is inherited by objects. + + + + + Check if ACE is inherited by objects. + + + + + Get ACE type + + + + + Get ACE flags + + + + + Get ACE access mask + + + + + Get ACE Security Identifier + + + + + The type of compound ACE. When serialized always set to Impersonate. + + + + + Get the client SID in a compound ACE. + + + + + Get optional Object Type + + + + + Get optional Inherited Object Type + + + + + Optional application data. + + + + + Get conditional check if a conditional ace. + + + + + Get or set resource attribute. + + + + + Constructor + + ACE type + ACE flags + ACE access mask + ACE sid + + + + Convert ACE to a string + + The ACE as a string + + + + Convert ACE to a string + + An enumeration type to format the access mask + True to try and resolve SID to a name + The ACE as a string + + + + Clone this ACE. + + The cloned ACE. + + + + Get whether the current access mask is granted specific permissions. + + The access mask to check + True one or more access granted. + + + + Get whether the current access mask is granted all specific permissions. + + The access mask to check + True access all is granted. + + + + Get the common name of the object type. + + Specify the domain for the object type. + If true then expand the list of properties. + The common name of the object type, or the GUID as a string. + This function could be quite slow to query the first time. + + + + Get the common name of the object type. + + If true then expand the list of properties. + The common name of the object type, or the GUID as a string. + This will query the local domain, it could be quite slow to query the first time. + + + + Get the common name of the object type. + + The common name of the object type, or the GUID as a string. + This will query the local domain, it could be quite slow to query the first time. + + + + Get the common name of the inherited object type. + + Specify the domain for the object type. + The common name of the object type, or the GUID as a string. + This function could be quite slow to query the first time. + + + + Get the common name of the inherited object type. + + The common name of the object type, or the GUID as a string. + This will query the local domain, it could be quite slow to query the first time. + + + + Convert the ACE to a byte array. + + The ACE as a byte array. + + + + Compare ACE to another object. + + The other object. + True if the other object equals this ACE + + + + Get hash code. + + The hash code + + + + Equality operator + + Left ACE + Right ACE + True if the ACEs are equal + + + + Not Equal operator + + Left ACE + Right ACE + True if the ACEs are not equal + + + + Class to represent an Access Control List (ACL) + + + + + Constructor + + Pointer to a raw ACL in memory + True if the ACL was defaulted + + + + Constructor + + Buffer containing an ACL in memory + True if the ACL was defaulted + + + + Constructor for a NULL ACL + + True if the ACL was defaulted + + + + Constructor for an empty ACL + + + + + Constructor + + List of ACEs to add to ACL + True if the ACL was defaulted + + + + Constructor + + List of ACEs to add to ACL + + + + Constructor. + + An SDDL string to create the DACL from. + The SDDL string should be of the form D:(...) or S:(...), if you specify + both a DACL and a SACL then only the DACL will be used. + + + + Convert the ACL to a byte array + + The ACL as a byte array + + + + Convert the ACL to a safe buffer + + The safe buffer + + + + Add an ace to the ACL + + The ACE to add + + + + Add an access allowed ace to the ACL + + The ACE access mask + The ACE flags + The ACE SID + + + + Add an access allowed ace to the ACL + + The ACE access mask + The ACE SID + + + + Add an access allowed ace to the ACL + + The ACE access mask + The ACE flags + The ACE SID + + + + Add an access allowed ace to the ACL + + The ACE access mask + The ACE SID + + + + Add an access denied ace to the ACL + + The ACE access mask + The ACE flags + The ACE SID + + + + Add an access denied ace to the ACL + + The ACE access mask + The ACE SID + + + + Add an access denied ace to the ACL + + The ACE access mask + The ACE flags + The ACE SID + + + + Add an access denied ace to the ACL + + The ACE access mask + The ACE SID + + + + Add an audit ace to the ACL + + The ACE access mask + The ACE flags + The ACE SID + + + + Add an audit ace to the ACL + + The ACE access mask + The ACE flags + The ACE SID + + + + Add an audit success ace to the ACL + + The ACE access mask + The ACE SID + + + + Add an audit success ace to the ACL + + The ACE access mask + The ACE SID + + + + Add an audit fail ace to the ACL + + The ACE access mask + The ACE SID + + + + Add an audit fail ace to the ACL + + The ACE access mask + The ACE SID + + + + Gets an indication if this ACL is canonical. + + Canonical means that deny ACEs are before allow ACEs. + True to canonicalize a DACL, otherwise a SACL. + True if the ACL is canonical. + + + + Gets an indication if this DACL is canonical. + + Canonical basically means that deny ACEs are before allow ACEs. + True if the ACL is canonical. + + + + Canonicalize the ACL. + + True to canonicalize a DACL, otherwise a SACL. + + + + Canonicalize the ACL (for use on DACLs only). + + The canonical ACL. + + + + Find the first ACE with a specified type. + + The type to find. + True to include inherit only ACEs. + The found ace. Returns null if not found. + + + + Find the first ACE with a specified type. Includes InheritOnly ACEs. + + The type to find. + The found ace. Returns null if not found. + + + + Find the all ACE with a specified type. + + The type to find. + True to include inherit only ACEs. + The found aces. + + + + Find the all ACE with a specified type. Includes InheritOnly ACEs. + + The type to find. + The found aces. + + + + Find the last ACE with a specified type. + + The type to find. + The found ace. Returns null if not found. + + + + Clone the ACL. Also clones all ACEs. + + The cloned ACL. + + + + Get or set whether the ACL was defaulted + + + + + Get or set whether the ACL is NULL (no security) + + + + + Get or set the protected flag. + + + + + Get or set the auto-inherited flag. + + + + + Get or set the auto-inherited required flag. + + + + + Get or set the ACL revision + + + + + Indicates the ACL has at least one conditional ACE. + + + + + Indicates the ACL has at least one object ACE. + + + + + Base class to represent an ALPC message. + + + + + Constructor. + + The port message header. + + + + Constructor. + + + + + Update the header length fields. + + The length of the valid data. + The maximum data length supported by the packet. + + + + Method to handle when ToSafeBuffer is called. + + The message buffer being created. + + + + Method to handle when FromSafeBuffer is called. + + The message buffer to initialize from.. + The ALPC port associated with this message. + + + + Get or set the header. + + + + + The process ID of the sender. + + + + + The thread ID of the sender. + + + + + Get total length of the message. + + + + + Get the allocated data length for the message. + + + + + Get data length of the message. + + + + + Get the message ID. + + + + + Get the callback ID. + + + + + Get the message type. + + + + + Get additional flags on message type. + + + + + Indicates that the message requires a reply (otherwise things can leak). + + + + + Indicates that the message requires a reply (obsolete). + + + + + Get direct status for the message. + + The direct status for the message. Returns STATUS_PENDING if the message is yet to be processed. + + + + Get the maximum size of a message minus the header size. + + + + + Create a safe buffer for this message. + + The safe buffer. + + + + Method to query information for a message. + + The information class. + The port which has processed the message. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Query a fixed structure from the object. + + The type of structure to return. + The information class to query. + The port which has processed the message. + A default value for the query. + True to throw on error. + The result of the query. + Thrown on error. + + + + Query a fixed structure from the object. + + The type of structure to return. + The port which has processed the message. + The information class to query. + A default value for the query. + The result of the query. + Thrown on error. + + + + Query a fixed structure from the object. + + The type of structure to return. + The port which has processed the message. + The information class to query. + The result of the query. + Thrown on error. + + + + An ALPC message which holds a raw set of bytes. + + + + + Constructor. + + Data to initialize the message with. + Maximum length of the message buffer. + Specify a text encoding for the DataString property. + + + + Constructor. + + Data to initialize the message with. + Maximum length of the message buffer. + + + + Constructor. + + Data to initialize the message with. + + + + Constructor. + + Data to initialize the message with. + Specify a text encoding for the DataString property. + + + + Constructor. + + Total allocated length of the message buffer. + + + + Constructor. + + Total allocated length of the message buffer. + Specify a text encoding for the DataString property. + + + + Get or set the message data. + + When you set the data it'll update the DataLength and TotalLength fields. + + + + Get or set the message data as an encoding string. + + When you set the data it'll update the DataLength and TotalLength fields. + + + + Get or set the text encoding in this raw message. + + + + + Method to handle when FromSafeBuffer is called. + + The message buffer to initialize from.. + The ALPC port associated with this message. + + + + Method to handle when ToSafeBuffer is called. + + The message buffer being created. + + + + An ALPC message which holds a specific type with optional trailing data. + + The type representing the data. + + + + Constructor for a receive buffer. + + + + + Constructor for a receive buffer. + + Length of message. This will be rounded up to at least accomodate the header. + + + + Constructor for a send/receive buffer. + + The initial value to set. + Trailing data. + + + + Constructor for a send/receive buffer. + + The initial value to set. + + + + Get or set the type in the buffer. + + + + + Get or set any trailing data after the value. + + + + + Method to handle when FromSafeBuffer is called. + + The message buffer to initialize from.. + The ALPC port associated with this message. + + + + Method to handle when ToSafeBuffer is called. + + The message buffer being created. + + + + Class to represent a set of sending attributes. + + + + + Constructor. + + + + + Constructor. + + List of attributes to send. + + + + Add an attribute object. + + The attribute to add. + + + + Remove an attribute object. + + The attribute flag to remove. + + + + Remove an attribute object. + + The attribute to remove. + + + + Add a list of handles to the send attributes. + + The list of objects. + This method doesn't maintain a reference to the objects. You need to keep them alive elsewhere. + + + + Add a list of handles to the send attributes. + + The list of handles. + + + + Add a list of handles to the send attributes. + + The handle to add. + This method doesn't maintain a reference to the objects. You need to keep them alive elsewhere. + + + + Add a list of handles to the send attributes. + + The handle to add. + + + + Get the allocated attributes. + + + + + Class to represent a set of received attributes. + + + + + Constructor. Allocated space for all known attributes. + + + + + Constructor. + + + + + Get the allocated attributes. + + + + + Get the list of valid attributes. + + + + + Get a list of the valid attributes. + + + + + Get list of passed handles. + + + + + Get the mapped data view. If no view sent this property is invalid. + + + + + Get the security context. If no security context this property is invalid. + + + + + Dispose method. + + + + + Get a typed attribute. + + The type of attribute to get. + The attribute. Returns a default initialized object if not valid. + + + + Get an attribute. + + The attribute flag to get. + The attribute. Returns null if not found. + + + + Convert this set of attributes to a buffer to send. + + The send attributes. + + + + Convert this set of attributes to one which can be used to free on continuation required. + + The attributes to + The send attributes. + + + + Checks if an attribute flag is valid. + + The attribute to test. + True if the attribute is value. + + + + Base class to represent a message attribute. + + + + + The flag for this attribute. + + + + + Constructor. + + The single attribute flag which this represents. + + + + Class representing a security message attribute. + + + + + Constructor. + + + + + Security attribute flags. + + + + + Security quality of service. + + + + + Context handle. + + + + + Create an attribute which with create a handle automatically. + + The security quality of service. + The security message attribute. + + + + Class representing a security message attribute. + + + + + Constructor. + + + + + Token ID of token. + + + + + Authentication ID of token. + + + + + Modified ID of token + + + + + Class representing a security message attribute. + + + + + Constructor. + + + + + Port context. + + + + + Message context. + + + + + Sequence number. + + + + + Message ID. + + + + + Callback ID. + + + + + Class representing a data view message attribute. + + + + + Constructor. + + + + + View flags. + + + + + Handle to section. + + + + + View base. + + + + + View size. + + + + + Handle attribute entry. + + + + + Handle flags. + + + + + The NT object. + + + + + The object type for the handle. + + + + + Desired access for the handle. + + + + + Constructor. + + Handle attribute to initialize from. + + + + Constructor. + + Handle attribute to initialize from. + + + + Constructor. + + Information structure to initialize from. + + + + Constructor. + + + + + Constructor. + + The object to construct the entry from. Will take a copy of the handle. + + + + Class representing a handle message attribute. + + + + + Constructor. + + + + + Constructor. + + List of handle entries. + + + + Constructor. + + The handle entry. + + + + Constructor. + + List of objects to create the handle entries. + This constructor takes copies of the objects. + + + + Constructor. + + A single object to send. + This constructor takes copies of the object. + + + + List of handles in this attribute. + + + + + Class representing a direct message attribute. + + + + + Constructor. + + The event object. + + + + The event object. + + + + + Class representing a work on behalf of message attribute. + + + + + Constructor. + + + + + Thread ID. + + + + + Thread creation time (low). + + + + + Safe buffer to store an allocated set of ALPC atributes. + + + + + Get a pointer to an allocated attribute. Returns NULL if not available. + + The attribute to get. + The pointer to the attribute buffer, IntPtr.Zero if not found. + + + + Get an attribute as a structured type. + + The attribute type. + The attribute. + A buffer which represents the structured type. + Thrown if attribute doesn't exist. + + + + Create a new buffer with allocations for a specified set of attributes. + + The attributes to allocate. + The allocated buffed. + + + + Dispose the safe buffer. + + True if disposing + + + + Detaches the current buffer and allocates a new one. + + The detached buffer. + The original buffer will become invalid after this call. + + + + Get the NULL buffer. + + + + + Class to represent an ALPC port section. + + + + + Handle to the port section. + + + + + Size of the port section. + + + + + The actual section size. + + + + + Create a new section view attribute. + + Specify the flags for the data view attribute. + The section view size. + True to throw on error. + The section view attribute. + + + + Create a new section view attribute. + + True to throw on error. + The section view attribute. + + + + Create a new section view attribute. + + Specify the flags for the data view attribute. + The section view size. + The section view attribute. + + + + Create a new section view attribute. + + The section view attribute. + + + + Dispose of the port section. + + + + + Supported windows verion + + + + + This should always be at the end. + + + + + Attribute to indicate the required version for a function. + Applied if the function needs a version greater than 7. + + + + + The supported version. + + + + + Constructor + + The supported version + + + + Attribute used for managed structures to indicate the start of data. + This is used in situations where the data immediately trail + + + + + Constructor + + The field name which indicates the first address of data. + + + + The field name which indicates the first address of data. + + + + + When allocating this structure always include the field in the total length calculation. + + + + + Class to represent an API set entry. + + + + + Flags for the entry. + + + + + The name of the API set. + + + + + The default host module. + + + + + Hash version of the name. + + + + + List of hosts. + + + + + Get host module for an import module. + + + + + + + Represents a single API set host. + + + + + The imported module this API set host applies to. + + + + + The module which implements this API set. + + + + + Is the host the default host. + + + + + Flags for API set namespace. + + + + + None. + + + + + The API set is sealed. + + + + + The API set is an extension. + + + + + Class to represent an API set namespace. + + + + + Flags for the namespace. + + + + + List of API set entries. + + + + + Get API set namespace from current process. + + + + + Gets an API set based on its name. + + The API set name. + The API set entry. Returns null if not found. + + + + Flags for a boundary descriptor + + + + + None + + + + + Automatically add the AppContainer package SID to the boundary + + + + + Class which represents a private namespace boundary descriptor + + + + + Constructor + + The name of the boundary + Additional flags for the boundary + + + + Constructor + + The name of the boundary + + + + Add a SID to the boundary descriptor. + + This SID is used in an access check when creating or deleting private namespaces. + The SID to add. + + + + Add an integrity level to the boundary descriptor. + + This integrity level is used in an access check when creating or deleting private namespaces. + The integrity level to add. + + + + Add a list of SIDs to the boundary descriptor. + + The SIDs to add. This can include normal and integrity level SIDs + + + + Add a list of SIDs to the boundary descriptor. + + The first SID to add + Additional SIDs + + + + The handle to the boundary descriptor. + + + + + Create a boundary descriptor from a string representation. + + A boundary descriptor string of the form [SID[:SID...]@]NAME where SID is an SDDL format SID. + The new boundary descriptor. + + + + Finalizer + + + + + Dispose + + + + + Some simple utilities to create structure buffers. + + + + + Create a buffer based on a passed type. + + The type to use in the structure buffer. + The value to initialize the buffer with. + Additional byte data after the structure. + Indicates if additional_size includes the structure size or not. + The new structure buffer. + + + + Create a buffer based on a passed type. + + The type to use in the structure buffer. + The value to initialize the buffer with. + The new structure buffer. + + + + Create a buffer based on a passed type. + + The type to use in the structure buffer. + The value to initialize the buffer with. + The new structure buffer. + + + + Create a buffer based on a passed type. + + The type to use in the structure buffer. + The value to initialize the buffer with. + Additional byte data after the structure. + Indicates if additional_size includes the structure size or not. + The new structure buffer. + + + + Create a buffer based on a byte array. + + The byte array for the buffer. + The safe buffer. + + + + Create an buffer from an array. + + The array element type, must be a value type. + The array of elements. + The allocated array buffer. + + + + Read a NUL terminated string for the byte offset. + + The buffer to read from. + The byte offset to read from. + The string read from the buffer without the NUL terminator + + + + Read a NUL terminated byte string for the byte offset. + + The buffer to read from. + The byte offset to read from. + Text encoding for the string. + The string read from the buffer without the NUL terminator + + + + Read a NUL terminated ANSI string for the byte offset. + + The buffer to read from. + The byte offset to read from. + The string read from the buffer without the NUL terminator + + + + Read a char array with length. + + The buffer to read from. + The number of characters to read. + The byte offset to read from. + The chars read from the buffer + + + + Read a Unicode string string with length. + + The buffer to read from. + The number of characters to read. + The byte offset to read from. + The string read from the buffer. + + + + Write char array. + + The buffer to write to. + The byte offset to write to. + The chars to write. + + + + Write unicode string. + + The buffer to write to. + The byte offset to write to. + The string value to write. + + + + Read bytes from buffer. + + The buffer to read from. + The byte offset to read from. + The number of bytes to read. + The byte array. + + + + Write bytes to a buffer. + + The buffer to write to. + The byte offset to write to. + The data to write. + + + + Get a structure buffer at a specific offset. + + The type of structure. + The buffer to map. + The offset into the buffer. + The structure buffer. + The returned buffer is not owned, therefore you need to maintain the original buffer while operating on this buffer. + + + + Creates a view of an existing safe buffer. + + The buffer to create a view on. + The offset from the start of the buffer. + The length of the view. + The buffer view. + Note that the returned buffer doesn't own the memory, therefore the original buffer + must be maintained for the lifetime of this buffer. + + + + Creates a view of an existing safe buffer. + + The buffer to create a view on. + The offset from the start of the buffer. + The length of the view. + True to make the view writable, false for read-only. + The buffer view. + Note that the returned buffer doesn't own the memory, therefore the original buffer + must be maintained for the lifetime of this buffer. + + + + Zero an entire buffer. + + The buffer to zero. + + + + Fill an entire buffer with a specific byte value. + + The buffer to full. + The fill value. + + + + Compare two buffers for equality. + + The left buffer. + The offset into the left buffer. + The right buffer. + The offset into the right buffer. + The length to compare. + True if the buffers are equal. + + + + Compare a buffer and a byte array for equality. + + The buffer. + The offset into the left buffer. + The compare byte array. + True if the buffers are equal. + + + + Find a byte array in a buffer. Returns all instances of the compare array. + + The buffer to find the data in. + Start offset in the buffer. + The comparison byte array. + A list of offsets into the buffer where the compare was found. + + + + Find a byte array in a buffer. Returns all instances of the compare array. + + The buffer to find the data in. + The comparison byte array. + A list of offsets into the buffer where the compare was found. + + + + Class to represent a Security Atttribute. + + + + + The name of the attribute. + + + + + The type of values. + + + + + The attribute flags. + + + + + The list of values. + + + + + The count of values. + + + + + Convert the attribute to a builder to modify it. + + The builder object. + + + + Convert the security attribute to an SDDL string. + + The security attribute as an SDDL string. + + + + Converts the attribute to a Resource Attribute ACE. + + The resource attribute ACE. + + + + Class to create a new user process using the native APIs. + + + + + Path to the executable to start. + + + + + Path to the executable to start which is passed in the process configuration. + + + + + Command line + + + + + Prepared environment block. + + + + + Title of the main window. + + + + + Path to DLLs. + + + + + Current directory for new process + + + + + Desktop information value + + + + + Shell information value + + + + + Runtime data. + + + + + Prohibited image characteristics for new process + + + + + Additional file access for opened executable file. + + + + + Process create flags. + + + + + Thread create flags. + + + + + Initialization flags + + + + + Parent process. + + + + + Restrict new child processes + + + + + Override restrict child process + + + + + Extra process/thread attributes + + + + + Added protected process protection level. + + The type of protected process. + The signer level. + + + + Return on error instead of throwing an exception. + + + + + Whether to terminate the process on dispose. + + + + + Specify a security descriptor for the process. + + + + + Specify a security descriptor for the initial thread. + + + + + Specify the primary token for the new process. + + + + + Access for process handle. + + + + + Access for thread handle. + + + + + Constructor + + + + + For the current process + + The new forked process result + + + + For the current process + + Process create flags. + Thread create flags. + The new forked process result + + + + For the current process + + Process create flags. + Thread create flags. + True to throw on error. + The new forked process result + + + + Start the new process based on the ImagePath parameter. + + The result of the process creation + + + + Start the new process + + The image path to the file to execute + The result of the process creation + + + + Result from a native create process call. + + + + + Handle to the process + + + + + Handle to the initial thread + + + + + Handle to the image file + + + + + Handle to the image section + + + + + Handle to the IFEO key (if it exists) + + + + + Image information + + + + + Client ID of process and thread + + + + + Process ID + + + + + Thread ID + + + + + Create status + + + + + True if create succeeded + + + + + Result of the create information + + + + + Creation state + + + + + Terminate the process + + Exit code for termination + + + + Resume initial thread + + The suspend count + + + + Set to true to terminate process on disposal + + + + + Finalizer + + + + + Dispose + + + + + The base class for a debug event. + + + + + Process ID for the event. + + + + + Thread ID for the event. + + + + + The event code. + + + + + Constructor. + + The current debug event. + The debug port associated with this event. + + + + Continue the debugged process. + + The continue status code. + True to throw on error. + The NT status code. + + + + Continue the debugged process. + + The continue status code. + + + + Continue the debugged process with a success code. + + + + + Dispose the event. + + + + + Debug event for the Create Process event. + + + + + Subsystem key for the process. + + + + + Handle to the process file (if available). + + + + + Base of image file. + + + + + Debug info file offset. + + + + + Debug info file size. + + + + + Subsystem key for the thread. + + + + + Start address of the thread. + + + + + Handle to the process (if available). + + + + + Handle to the thread (if available). + + + + + Dispose the event. + + + + + Debug event for the Create Thread event. + + + + + Subsystem key for the thread. + + + + + Start address of the thread. + + + + + Handle to the thread (if available). + + + + + Dispose the event. + + + + + Debug event for the Exit Thread event. + + + + + Exit status code. + + + + + Debug event for the Exit Process event. + + + + + Exit status code. + + + + + Debug event for load DLL event. + + + + + DLL file handle. + + + + + Base of loaded DLL. + + + + + Debug info offset. + + + + + Debug info size. + + + + + Address of name. + + + + + Dispose the event. + + + + + Debug event for unload DLL event. + + + + + Base of loaded DLL. + + + + + Debug event for exception event. + + + + + Indicates if this is a first chance exception. + + + + + Exception code. + + + + + Exception flags. + + + + + Pointer to next exception in the chain. + + + + + Address of exception. + + + + + Additional parameters for exception. + + + + + Debug event when we don't handle the state. + + + + + The raw debug event. + + + + + Represents a list where the elements can be trivially disposed in one go. + + An IDisposable implementing type + + + + Constructor + + + + + Constructor + + The initial capacity of the list + + + + Constructor + + A collection to initialize the list + + + + Add a resource to the list and return a reference to it. + + The type of resource to add. + The resource object. + The added resource. + + + + Add a resource to the list and return a reference to it. + + The type of resource to add. + The added resource. + + + + Convert this list to an array then clear it to the disposal no longer happens. + + The elements as an array. + After doing this the current list will be cleared. + + + + Detach a detachable reference and add it to the list. + + The type of resource to detach. + The detached resource. + + + + Dispose method + + + + + Implementation of disposable list which just accepts IDisposable objects. + + + + + Constructor + + + + + Constructor + + The initial capacity of the list + + + + Constructor + + A collection to initialize the list + + + + Adds a delegate which will be called when the list is disposed. + + The delegate to call on dispose. + This can be used to add more complex disposable. + + + + Disposable list of safe handles + + + + + Constructor + + + + + Constructor + + The initial capacity of the list + + + + Constructor + + A collection to initialize the list + + + + Move the handle list to a new disposable list. + + The list of handles which have been moved. + After doing this the current list will be cleared. + + + + Flags for an EA entry + + + + + No flags. + + + + + Processor must handle this EA. + + + + + A single EA entry. + + + + + Name of the entry + + + + + Data associated with the entry + + + + + Flags + + + + + Constructor + + The name of the entry + Data associated with the entry + Flags for entry. + + + + Constructor + + The name of the entry + Data associated with the entry + Flags for entry. + + + + Constructor + + The name of the entry + Data associated with the entry + Flags for entry. + + + + Get the EA buffer data as a string. + + The data as a string. + + + + Get the EA buffer data as an Int32. + + The data as an Int32. + + + + Convert entry to a string + + The entry as a string + + + + Class to create an Extended Attributes buffer for NtCreateFile + + + + + Constructor + + + + + Constructor + + List of entries to add. + + + + Constructor from a binary EA buffer + + The EA buffer to parse + + + + Constructor + + Existing buffer to copy. + + + + Add a new EA entry from an old entry. The data will be cloned. + + The entry to add. + + + + Add a new EA entry + + The name of the entry + The associated data, will be cloned + The entry flags. + + + + Add a new EA entry + + The name of the entry + The associated data + The entry flags. + + + + Add a new EA entry + + The name of the entry + The associated data + The entry flags. + + + + Get an entry by name. + + The name of the entry. + The found entry. + Thrown if no entry by that name. + + + + Remove an entry from the buffer. + + The entry to remove. + + + + Remove an entry from the buffer by name. + + The name of the entry. + Thrown if no entry by that name. + + + + Convert to a byte array + + The byte array + + + + Get the list of entries. + + + + + Get number of entries. + + + + + Get whether the buffer contains a specific entry. + + The name of the entry. + True if the buffer contains an entry with the name. + + + + Index to get an entry by name. + + The name of the entry. + The found entry. + Thrown if no entry by that name. + + + + Clear all entries. + + + + + Access rights generic mapping. + + + + + Mapping for Generic Read + + + + + Mapping for Generic Write + + + + + Mapping for Generic Execute + + + + + Mapping for Generic All + + + + + Map a generic access mask to a specific one. + + The generic mask to map. + The mapped mask. + + + + Get whether this generic mapping gives read access. + + The mask to check against. + True if we have read access. + + + + Get whether this generic mapping gives write access. + + The mask to check against. + True if we have write access. + + + + Get whether this generic mapping gives execute access. + + The mask to check against. + True if we have execute access. + + + + Get whether this generic mapping gives all access. + + The mask to check against. + True if we have all access. + + + + Try and unmap access mask to generic rights. + + The mask to unmap. + The unmapped mask. Any access which can be generic mapped is left in the mask as specific rights. + + + + Get the allowed access mask for a specified mandatory access policy. + + The mandatory access policy. + The allowed access mask for the policy. + In general NoWriteUp will always be set on the policy. + + + + Convert generic mapping to a string. + + The generic mapping as a string. + + + + Interface to abstract the kernel transaction manager support. + + + + + Get handle for the transaction. + + + + + Commit the transaction + + + + + Rollback the transaction + + + + + Enable the transaction for anything in the current thread context. + + The transaction context. This should be disposed to disable the transaction. + + + + Class to represent a mount point. + + + + + Symbolic link name. + + + + + Unique ID. + + + + + Device name. + + + + + Class to access mount point manager utilities. + + + + + Query the list of mount points. + + True to throw on error. + The list of mount points. + + + + Query the list of mount points. + + The list of mount points. + + + + Class to represent the USN journal data. + + + + + Flags for the USN journal change reason. + + + + + Class to represent a USN journal record. + + + + + Reference number of the file. + + + + + Reference number of the parent. + + + + + USN value. + + + + + Timestamp of entry. + + + + + Reason code. + + + + + Source info flags. + + + + + Security ID. + + + + + File attributes. + + + + + Filename. + + + + + Full path, if known. + + + + + Full Win32Path if known. + + + + + Flags for USN journal source information. + + + + + Class for methods relating to USN journal. + + + + + Read USN journal information. + + The handle to the volume to query. + True to throw on error. + The USN journal information. + + + + Read USN journal information. + + The handle to the volume to query. + The USN journal information. + + + + Read USN journal entries from the volume. + + The volume to read. + The start USN to read. + Last USN to read, exclusive. + Mask for what records to read. + The list of USN journal entries. + + + + Read all USN journal entries from the volume. + + The volume to read. + The list of USN journal entries. + + + + Read USN journal entries from the volume, unprivileged. + + The volume to read. + The start USN to read. + Last USN to read, exclusive. + Mask for what records to read. + The list of USN journal entries. + + + + Read USN journal entries from the volume, unprivileged. + + The volume to read. + The list of USN journal entries. + + + + An enumeration to reference a known SID. + + + + + NULL SID + + + + + Everyone SID + + + + + Local user SID + + + + + CREATOR OWNER SID + + + + + CREATOR GROUP SID + + + + + CREATOR OWNER SERVER SID + + + + + CREATOR OWNER SERVER SID + + + + + Service SID + + + + + ANONYMOUS LOGON SID + + + + + Authenticated Users SID + + + + + RESTRICTED SID + + + + + LOCAL SYSTEM SID + + + + + LOCAL SERVICE SID + + + + + NETWORK SERVICE SID + + + + + APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES SID + + + + + APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES + + + + + NT SERVICE\TrustedInstaller + + + + + BUILTIN\Users + + + + + BUILTIN\Administrators + + + + + APPLICATION PACKAGE AUTHORITY\Your Internet connection + + + + + APPLICATION PACKAGE AUTHORITY\Your Internet connection, including incoming connections from the Internet + + + + + APPLICATION PACKAGE AUTHORITY\Your home or work networks + + + + + APPLICATION PACKAGE AUTHORITY\Your pictures library + + + + + APPLICATION PACKAGE AUTHORITY\Your videos library + + + + + APPLICATION PACKAGE AUTHORITY\Your music library + + + + + APPLICATION PACKAGE AUTHORITY\Your documents library + + + + + APPLICATION PACKAGE AUTHORITY\Your Windows credentials + + + + + APPLICATION PACKAGE AUTHORITY\Software and hardware certificates or a smart card + + + + + APPLICATION PACKAGE AUTHORITY\Removable storage + + + + + APPLICATION PACKAGE AUTHORITY\Your Appointments + + + + + APPLICATION PACKAGE AUTHORITY\Your Contacts + + + + + APPLICATION PACKAGE AUTHORITY\Internet Explorer + + + + + Constrained Impersonation Capability + + + + + OWNER RIGHTS + + + + + NT AUTHORITY\SELF + + + + + NT AUTHORITY\WRITE RESTRICTED + + + + + BUILTIN\BUILTIN + + + + + NT AUTHORITY\INTERACTIVE + + + + + NT AUTHORITY\DIALUP + + + + + NT AUTHORITY\NETWORK + + + + + NT AUTHORITY\BATCH + + + + + NT AUTHORITY\PROXY + + + + + Static methods to get some known SIDs. + + + + + NULL SID + + + + + Everyone SID + + + + + Local user SID + + + + + CREATOR OWNER SID + + + + + CREATOR GROUP SID + + + + + CREATOR OWNER SERVER SID + + + + + CREATOR OWNER SERVER SID + + + + + Service SID + + + + + ANONYMOUS LOGON SID + + + + + Authenticated Users SID + + + + + RESTRICTED SID + + + + + NT AUTHORITY\WRITE RESTRICTED + + + + + BUILTIN\BUILTIN + + + + + NT AUTHORITY\INTERACTIVE + + + + + NT AUTHORITY\DIALUP + + + + + NT AUTHORITY\NETWORK + + + + + NT AUTHORITY\BATCH + + + + + NT AUTHORITY\PROXY + + + + + LOCAL SYSTEM SID + + + + + LOCAL SERVICE SID + + + + + NETWORK SERVICE SID + + + + + APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES SID + + + + + APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES + + + + + NT SERVICE\TrustedInstaller + + + + + BUILTIN\Users + + + + + BUILTIN\Administrators + + + + + APPLICATION PACKAGE AUTHORITY\Your Internet connection + + + + + APPLICATION PACKAGE AUTHORITY\Your Internet connection, including incoming connections from the Internet + + + + + APPLICATION PACKAGE AUTHORITY\Your home or work networks + + + + + APPLICATION PACKAGE AUTHORITY\Your pictures library + + + + + APPLICATION PACKAGE AUTHORITY\Your videos library + + + + + APPLICATION PACKAGE AUTHORITY\Your music library + + + + + APPLICATION PACKAGE AUTHORITY\Your documents library + + + + + APPLICATION PACKAGE AUTHORITY\Your Windows credentials + + + + + APPLICATION PACKAGE AUTHORITY\Software and hardware certificates or a smart card + + + + + APPLICATION PACKAGE AUTHORITY\Removable storage + + + + + APPLICATION PACKAGE AUTHORITY\Your Appointments + + + + + APPLICATION PACKAGE AUTHORITY\Your Contacts + + + + + APPLICATION PACKAGE AUTHORITY\Internet Explorer + + + + + Constrained Impersonation Capability + + + + + Get a known SID based on a specific enumeration. + + The enumerated sid value. + + + + + Class to represent an Access Control Entry for a Mandatory Label. + + + + + Constructor. + + Flags for the ACE. + The mandatory label policy. + The integrity level. + + + + Constructor from a raw integrity level. + + Flags for the ACE. + The mandatory label policy. + The integrity level sid. + + + + The policy for the mandatory label. + + + + + Get or set the integrity level + + + + + Convert ACE to a string. + + + + + + Class which represents a mapped file. + + + + + Native path to file. + + + + + Name of the file. + + + + + List of mapped sections. + + + + + Mapped base address of file. + + + + + Mapped size of file. + + + + + True if the mapped file is an image section. + + + + + Specified the signing level if an image (only on RS3+). + + + + + Class to represent memory information. + + + + + Base address of memory region. + + + + + Allocation base for memory region. + + + + + Initial allocation protection. + + + + + Region size. + + + + + Memory state. + + + + + Current memory protection. + + + + + Memory type. + + + + + The mapped image path, if an image. + + + + + The mapped image path name, if an image. + + + + + The region type. + + + + + Is this a software enclave. + + + + + Interface for a marshalled NDR conformant structure. + + This interface is primarily for internal use only. + + + + Gets the number of conformant dimensions, should be at least one. + + The number of conformant dimensions. + + + + Interface for a marshalled non-encapsulated NDR union. + + This interface is primarily for internal use only. + + + + Marshal the union to a stream. + + The selector for union arm. + The marshal stream. + + + + Interface for a marshalled NDR structure. + + This interface is primarily for internal use only. + + + + Marshal the stucture to a stream. + + The marshal stream. + + + + Unmarshal the structure from a stream. + + The unmarshal stream. + + + + Get the structure's alignment. + + + + + + Structure to represent a context handle. + + + + + Context handle attributes. + + + + + Context handle UUID. + + + + + Constructor. + + Context handle attributes. + Context handle UUID. + + + + Overidden ToString method. + + The handle as string. + + + + NDR integer representation. + + + + + NDR character representation. + + + + + NDR floating point representation. + + + + + Definition of the NDR data representation for an NDR stream. + + + + + The integer representation of the NDR data. + + + + + The character representation of the NDR data. + + + + + The floating representation of the NDR data. + + + + + A class which represents an embedded pointer. + + The underlying type. + + + + Operator to convert from a value to an embedded pointer. + + The value to point to. + + + + Operator to convert from an embedded pointer to a value. + + The embedded pointer. + + + + Overridden ToString method. + + The string form of the value. + + + + Get the value from the embedded pointer. + + The value of the pointer. + + + + Structure to represent an empty value. + + + + + Class to represent a 16 bit enumerated type. + + + + + Value of the structure. + + + + + Constructor. + + + + + + Constructor. + + The value to construct from. + + + + Constructor. + + The value to construct from. + + + + Constructor. + + The value to construct from. + + + + Constructor. + + The value to construct from. + + + + Constructor. + + The value to construct from. + + + + Constructor. + + The value to construct from. + + + + Constructor. + + The value to construct from. + + + + Equality operator. + + The left value. + The right value. + True if the values are equal. + + + + Inequality operator. + + The left value. + The right value. + True if the values are not-equal. + + + + Overridden ToString. + + The value as a string. + + + + ToString method. + + The formatting string. + The value as a string. + + + + IFormattable ToString. + + The formatting string. + Formatting provider. + The value as a string. + + + + Equals operator. + + The other enum16. + True if the values are equal. + + + + Compare + + + + + + + Overridden GetHashCode. + + The hash code of the enumeration. + + + + Structure which represents an NDR FC_INT3264 + + + + + Value of the structure. + + + + + Constructor. + + The value to construct from. + + + + Constructor. + + The value to construct from. + + + + Convert to a native IntPtr. + + The value to convert from. + + + + Overridden ToString. + + The value as a string. + + + + ToString method. + + The formatting string. + The value as a string. + + + + IFormattable ToString. + + The formatting string. + Formatting provider. + The value as a string. + + + + Structure which represents an NDR FC_UINT3264 + + + + + Value of the structure. + + + + + Constructor. + + The value to construct from. + + + + Constructor. + + The value to construct from. + + + + Constructor. + + The value to construct from. + + + + Convert to a native IntPtr. + + The value to convert from. + + + + Overridden ToString. + + The value as a string. + + + + ToString method. + + The formatting string. + The value as a string. + + + + IFormattable ToString. + + The formatting string. + Formatting provider. + The value as a string. + + + + Class to represent an NDR interface pointer. + + + + + The marshaled interface data. + + + + + Constructor. + + The marshaled interface data. + + + + A buffer to marshal NDR data to. + + This class is primarily for internal use only. + + + + Represents an NDR pickled type. + + + + + Constructor from a type 1 serialized buffer. + + The type 1 serialized encoded buffer. + + + + Convert the pickled type to a type 1 serialized encoded buffer. + + The type 1 serialized encoded buffer. + + + + Type for a synchronous NDR pipe. + + The base type of pipe blocks. + + + + The list of blocks for the pipe. + + + + + Constructor. + + The list of blocks to return. + + + + Constructor. + + A single block to return. + + + + Convert the pipe blocks to a flat array. + + The flat array. + + + + A buffer to unmarshal NDR data from. + + This class is primarily for internal use only. + + + + Place holder for unsupported types. + + + + + Class to represent a single COM proxy definition. + + + + + The name of the proxy interface. + + + + + The IID of the proxy interface. + + + + + The base IID of the proxy interface. + + + + + The number of dispatch methods on the interface. + + + + + List of parsed procedures for the interface. + + + + + Creates a proxy definition from a list of procedures. + + The name of the proxy interface. + The IID of the proxy interface. + The base IID of the proxy interface. + The total dispatch count for the proxy interface. + The list of parsed procedures for the proxy interface. + + + + + Expression element. + + + + + Overridden ToString method. + + The expression as a string. + + + + The expression type. + + + + + Is this operator element valid. + + + + + Operator expression element. + + + + + NDR format type of element. + + + + + NDR format type of element. + + + + + Offset, used for OP_EXPRESSION. + + + + + Parsed arguments. + + + + + Overridden ToString method. + + The expression as a string. + + + + Variable expression element. + + + + + Offset of the variable. + + + + + NDR format type of element. + + + + + Overridden ToString method. + + The expression as a string. + + + + Expression element. + + + + + NDR format type of element. + + + + + Offset of the variable. + + + + + The value of the constant. + + + + + Overridden ToString method. + + The expression as a string. + + + + An interface which can be implemented to handle formatting parsed NDR data. + + + + + Format a complex type using the current formatter. + + The complex type to format. + The formatted complex type. + + + + Format a procedure using the current formatter. + + The procedure to format. + The formatted procedure. + + + + Format a COM proxy using the current formatter. + + The COM proxy to format. + The formatted COM proxy. + + + + Format an RPC server interface using the current formatter. + + The RPC server. + The formatted RPC server interface. + + + + An base class which describes a text formatter for NDR data. + + + + This formatter generates data that the CPP compiler can (hopefully) understand, + at least it will serve as a good skeleton to support spinning up new projects easily. + + + + + Flags for the NDR formatter. + + + + + No flags. + + + + + Don't emit comments. + + + + + Default NDR formatter constructor. + + + + + Create the default formatter. + + Specify a dictionary of IIDs to names. + Function to demangle COM interface names during formatting. + Formatter flags. + The default formatter. + + + + Create the default formatter. + + Specify a dictionary of IIDs to names. + Function to demangle COM interface names during formatting. + The default formatter. + + + + Create the default formatter. + + Specify a dictionary of IIDs to names. + Formatter flags. + The default formatter. + + + + Create the default formatter. + + Specify a dictionary of IIDs to names. + The default formatter. + + + + Create the default formatter. + + Formatter flags. + The default formatter. + + + + Create the default formatter. + + The default formatter. + + + + NDR formatter constructor for CPP style output. + + + + + Create the CPP formatter. + + Specify a dictionary of IIDs to names. + Function to demangle COM interface names during formatting. + Formatter flags. + The CPP formatter. + + + + Create the CPP formatter. + + Specify a dictionary of IIDs to names. + Function to demangle COM interface names during formatting. + The CPPformatter. + + + + Create the CPP formatter. + + Specify a dictionary of IIDs to names. + Formatter flags. + The CPP formatter. + + + + Create the CPP formatter. + + Specify a dictionary of IIDs to names. + The CPP formatter. + + + + Create the default formatter. + + Formatter flags. + The CPP formatter. + + + + Create the default formatter. + + The CPP formatter. + + + + Flags for the parser. + + + + + No flags. + + + + + Ignore processing any complex user marshal types. + + + + + Resolve structure names, required private symbols. + + + + + Class to parse NDR data into a structured format. + + + + + Constructor. + + Memory reader to parse from. + Process to read from. + Specify a symbol resolver to use for looking up symbols. + Flags which affect the parsing operation. + + + + Constructor. + + Process to parse from. + Specify a symbol resolver to use for looking up symbols. + + + + Constructor. + + Process to parse from. + Specify a symbol resolver to use for looking up symbols. + Flags which affect the parsing operation. + + + + Constructor. + + Specify a symbol resolver to use for looking up symbols. + + + + Constructor. + + Process to parse from. + + + + Constructor. + + + + + Read COM proxy information from a ProxyFileInfo structure. + + The address of the ProxyFileInfo structure. + The list of parsed proxy definitions. + + + + Read COM proxy information from an array of pointers to ProxyFileInfo structures. + + The address of an array of pointers to ProxyFileInfo structures. The last pointer should be NULL. + The list of parsed proxy definitions. + + + + Read COM proxy information from a file. + + The path to the DLL containing the proxy. + Optional CLSID for the proxy class. + List of IIDs to parse. + The list of parsed proxy definitions. + + + + Read COM proxy information from a file. + + The path to the DLL containing the proxy. + Optional CLSID for the proxy class. + The list of parsed proxy definitions. + + + + Read COM proxy information from a file. + + The path to the DLL containing the proxy. + The list of parsed proxy definitions. + + + + Parse NDR content from an RPC_SERVER_INTERFACE structure in memory. + + Pointer to the RPC_SERVER_INTERFACE. + The parsed NDR content. + + + + Parse NDR content from an RPC_SERVER_INTERFACE structure in memory. + + Pointer to the RPC_SERVER_INTERFACE. + Base address of the library which contains the interface. + The parsed NDR content. + + + + Parse NDR content from an RPC_SERVER_INTERFACE structure in memory. Deprecated. + + Pointer to the RPC_SERVER_INTERFACE. + The parsed NDR content. + + + + Parse NDR content from an RPC_SERVER_INTERFACE structure in memory. + + The path to a DLL containing the RPC_SERVER_INTERFACE. + Offset to the RPC_SERVER_INTERFACE from the base of the DLL. + The parsed NDR content. + + + + Parse NDR procedures from an MIDL_SERVER_INFO structure in memory. + + Pointer to the MIDL_SERVER_INFO. + Number of dispatch functions to parse. + The start offset to parse from. This is used for COM where the first few proxy stubs are not implemented. + List of names for the valid procedures. Should either be null or a list equal in size to dispatch_count - start_offset. + The parsed NDR content. + + + + Parse NDR procedures from an MIDL_SERVER_INFO structure in memory. + + Pointer to the MIDL_SERVER_INFO. + Number of dispatch functions to parse. + The start offset to parse from. This is used for COM where the first few proxy stubs are not implemented. + The parsed NDR content. + + + + List of parsed types from the NDR. + + + + + List of parsed complex types from the NDR. + + + + + Parse NDR complex type information from a pickling structure. Used to extract explicit Encode/Decode method information. + + The process to read from. + Pointer to the MIDL_TYPE_PICKLING_INFO structure. + The pointer to the MIDL_STUB_DESC structure. + Pointers to the the format string to the start of the types. + Specify additional parser flags. + The list of complex types. + This function is used to extract type information for calls to NdrMesTypeDecode2. MIDL_TYPE_PICKLING_INFO is the second parameter, + MIDL_STUB_DESC is the third, the Type Offsets is the fourth parameter. + + + + Parse NDR complex type information from a pickling structure. Used to extract explicit Encode/Decode method information. + + The process to read from. + Pointer to the MIDL_TYPE_PICKLING_INFO structure. + The pointer to the MIDL_STUBLESS_PROXY_INFO structure. + Pointer to the type pickling offset table. + Index into type_pickling_offset_table array. + Specify additional parser flags. + The list of complex types. + This function is used to extract type information for calls to NdrMesTypeDecode3. MIDL_TYPE_PICKLING_INFO is the second parameter, + MIDL_STUBLESS_PROXY_INFO is the third, the type pickling offset table is the fourth and the type index is the fifth. + + + + Parse NDR complex type information from a pickling structure. Used to extract explicit Encode/Decode method information. + + The process to read from. + Pointer to the MIDL_TYPE_PICKLING_INFO structure. + The pointer to the MIDL_STUB_DESC structure. + Offsets into the format string to the start of the types. + Specify additional parser flags. + The list of complex types. + This function is used to extract type information for calls to NdrMesTypeDecode2. MIDL_TYPE_PICKLING_INFO is the second parameter, + MIDL_STUB_DESC is the third (minus the offset). + + + + Parse NDR complex type information from a pickling structure. Used to extract explicit Encode/Decode method information. + + The process to read from. + Pointer to the MIDL_TYPE_PICKLING_INFO structure. + The pointer to the MIDL_STUB_DESC structure. + Offsets into the format string to the start of the types. + The list of complex types. + This function is used to extract type information for calls to NdrMesTypeDecode2. MIDL_TYPE_PICKLING_INFO is the second parameter, + MIDL_STUB_DESC is the third (minus the offset). + + + + Parse NDR complex type information from a pickling structure. Used to extract explicit Encode/Decode method information. + + Pointer to the MIDL_TYPE_PICKLING_INFO structure. + The pointer to the MIDL_STUB_DESC structure. + Offsets into the format string to the start of the types. + The list of complex types. + This function is used to extract type information for calls to NdrMesTypeDecode2. MIDL_TYPE_PICKLING_INFO is the second parameter, + MIDL_STUB_DESC is the third (minus the offset). + + + + Exception thrown when NDR parsing fails. + + + + + Constructor. + + Exception message. + + + + Constructor. + + Exception message. + Inner exception to wrap. + + + + Class respresenting an RPC protocol sequence. + + + + + The protocol sequence for the endpoint. + + + + + The endpoint name. + + + + + A parsed NDR RPC_SERVER_INTERFACE structure. + + + + + The RPC interface GUID. + + + + + The RPC interface version. + + + + + The RPC transfer syntax GUID. + + + + + The RPC transfer syntax version. + + + + + List of parsed procedures. + + + + + List of protocol sequences. + + + + + Overridden ToString method. + + The string form of this class. + + + + NDR format character. + + + + + Class to build text strings for an NDR formatter. + + + + + Push an indent string on to the indent stack. + + The string to indent any new lines. + The current builder instance. + + + + Push an indent on to the indent stack. + + The character to indent with. + The number of indent characters. + The current builder instance. + + + + Pop the current indent off the indent stack. + + The current builder instance. + + + + Append a string to the builder. + + The string to append. + The current builder instance. + + + + Append a formatted string to the builder. + + The string format. + The array of arguments to the formatter. + The current builder instance. + + + + Append a new line to the builder. + + The current builder instance. + + + + Append a string to the builder with a new line. + + The string to append. + The current builder instance. + + + + Append a formatted string to the builder with a new line. + + The string format. + The array of arguments to the formatter. + The current builder instance. + + + + Overridden ToString method, returns the current state of the builder. + + The current stated of the builder. + + + + Utilities for NDR marshaling. + + + + + Specify NDR marshaler trace level. + + Specify the NDR marshaler trace level. + Verbose marshal stack details. + + + + Datalink address type. + + + + + Access rights for a firewall object. + + + + + Represents a firewall address and mask. + + + + + The IP address. + + + + + The mask. + + + + + Mask prefix length. + + + + + Overridden ToString method. + + The value and mask as a string. + + + + Address family when IP protocol is not specified. + + + + + IPv4 + + + + + IPv6 + + + + + Ethernet + + + + + None + + + + + Class to represent a firewall ALE endpoint. + + + + + The ID of the endpoint. + + + + + The local endpoint. + + + + + The remote endpoint. + + + + + The protocol type. + + + + + The LUID for the token associated with the endpoint. + + + + + The IPsec security association identifier. + + + + + The IPsec security association identifier to expire. + + + + + The IPsec status of the endpoint. + + + + + Flags. + + + + + Associated application. + + + + + Filename of AppId. + + + + + Enumeration for ALE layer types. + + + + + Class to represent a firewall callout object. + + + + + Flags for the callout. + + + + + Provider key. + + + + + Provider data. + + + + + Applicable layer key. + + + + + Callout ID. + + + + + Flags for a firewall callout. + + + + + Guids for pre-defined callouts. + + + + + Flags for classify output. + + + + + Class to represet the result of a classify operations. + + + + + Action type of the classify result. + + + + + Internal context. + + + + + ID of the filter. + + + + + Associated rights. + + + + + Classify flags. + + + + + Base class to implement common condition building operations. + + + + + Specify list of firewall filter conditions. + + + + + Add a condition. + + The match type for the condition. + The field key for the condition. + The value for the condition. + + + + Add a condition range. + + The field key for the condition. + The low value for the range. + The high value from the range. + + + + Add an executable filename condition. + + The match type for the condition. + The path to the file to use. + + + + Add an App ID condition. + + The match type for the condition. + The path to the file already converted to absolute format. + + + + Add a user ID security descriptor condition. + + The match type for the condition. + The security descriptor. + + + + Add a remote user ID security descriptor condition. + + The match type for the condition. + The security descriptor. + + + + Add a remote machine ID security descriptor condition. + + The match type for the condition. + The security descriptor. + + + + Add a IP protocol type condition. + + The match type for the condition. + The protocol type for the condition. + + + + Add a conditions flag condition. + + The match type for the condition. + The flags for the condition. + + + + Add IP address. + + The match type for the condition. + True to specify remote, false for local. + The low IP address. + + + + Add IP address range. + + True to specify remote, false for local. + The low IP address. + The high IP address. + + + + Add port range. + + True to specify remote, false for local. + The low port. + The high port. + + + + Add port. + + The match type for the condition. + True to specify remote, false for local. + The port. + + + + Add an IP endpoint. + + The match type for the condition. + True to specify remote, false for local. + The IP endpoint. + + + + Add token information. + + The match type. + The token. + + + + Add remote token information. + + The match type. + The token. + + + + Add remote machine token information. + + The match type. + The token. + + + + Add a package SID condition. + + The match type. + The package SID. + + + + Add a condition which excludes app containers. + + + + + Add a condition which includes app containers. + + + + + Adds details from a process, such as the process' App ID and package SID and token information. + + The match type. + The process. + + + + Adds details from a process, such as the process' App ID and package SID and token information. + + The match type. + The PID of the process. + + + + Add the RPC UUID. + + Match type. + The RPC UUID. + + + + Add a network event type. + + Match type. + Network event type. + + + + Constructor. + + + + + Firewall condition flags. + + + + + Guids for pre-defined firewall conditions. + + + + + Direction of stream for firewall. + + + + + Outbound flow. + + + + + Inbound flow. + + + + + Place holder for an empty value. + + + + + Overridden ToString method. + + The value as a string. + + + + Class to represent the firewall engine. + + + + + Open an instance of the engine. + + The server name for the firewall service. + RPC authentication service. Use default or WinNT. + Optional authentication credentials. + Optional session information. + True to throw on error. + The opened firewall engine. + + + + Open an instance of the engine. + + The server name for the firewall service. + RPC authentication service. Use default or WinNT. + Optional authentication credentials. + Optional session information. + The opened firewall engine. + + + + Open an instance of the engine. + + True to throw on error. + The opened firewall engine. + + + + Open an instance of the engine. + + The opened firewall engine. + + + + Open a dynamic instance of the engine. + + True to throw on error. + The opened firewall engine. + + + + Open a dynamic instance of the engine. + + The opened firewall engine. + + + + Get an engine option. + + The option to get. + True to throw on error. + The engine option's value. + + + + Get an engine option. + + The option to get. + The engine option's value. + + + + Get the current network event keywords setting. + + True to throw on error. + The network event keywords. + + + + Get the current network event keywords setting. + + The network event keywords. + + + + Get collect net events option. + + True to throw on error. + True if net events are being collected. + + + + Get collect net events option. + + True if net events are being collected. + + + + Set an engine option. + + The option to set. + The value to set. + True to throw on error. + The NT status code. + + + + Set an engine option. + + The option to set. + The value to set. + + + + Set network event keywords. + + The keywords to set. + True to throw on error. + The NT status code. + + + + Set network event keywords. + + The keywords to set. + + + + Set the collection net events engine option. + + True to enable collection. + True to throw on error. + The NT status code. + + + + Set the collection net events engine option. + + True to enable collection. + + + + Get a layer by its key. + + The key of the layer. + True to throw on error. + The firewall layer. + + + + Get a layer by its key. + + The key of the layer. + The firewall layer. + + + + Get a layer by its ID. + + The ID of the layer. + True to throw on error. + The firewall layer. + + + + Get a layer by its ID. + + The ID of the layer. + The firewall layer. + + + + Get a layer by its well-known key name. + + The well-known key name of the layer. + True to throw on error. + The firewall layer. + + + + Get a layer by its well-known key name. + + The well-known key name of the layer. + The firewall layer. + + + + Get a layer by an ALE layer type. + + The ALE layer type. + True to throw on error. + The firewall layer. + + + + Get a layer by an ALE layer type. + + The ALE layer type. + The firewall layer. + + + + Enumerate all layers. + + True to throw on error. + The list of layers. + + + + Enumerate all layers. + + The list of layers. + + + + Get a sub-layer by its key. + + The key of the sub-layer. + True to throw on error. + The firewall sub-layer. + + + + Get a sub-layer by its key. + + The key of the sub-layer. + The firewall sub-layer. + + + + Get a sub-layer by its well-known key name. + + The well-known key name of the sub-layer. + True to throw on error. + The firewall sub-layer. + + + + Get a sub-layer by its well-known key name. + + The well-known key name of the sub-layer. + The firewall sub-layer. + + + + Enumerate all sub-layers. + + True to throw on error. + The list of sub-layers. + + + + Enumerate all sub-layers. + + The list of sub-layers. + + + + Get a callout by its key. + + The key of the callout. + True to throw on error. + The firewall callout. + + + + Get a callout by its key. + + The key of the callout. + The firewall callout. + + + + Enumerate all callouts + + True to throw on error. + The list of callouts. + + + + Enumerate all callouts. + + The list of callouts. + + + + Get a filter by its key. + + The key of the filter. + True to throw on error. + The firewall filter. + + + + Get a filter by its key. + + The key of the filter. + The firewall filter. + + + + Get a filter by its id. + + The ID of the filter. + True to throw on error. + The firewall filter. + + + + Get a filter by its id. + + The ID of the filter. + The firewall filter. + + + + Enumerate filters + + Specify a template for enumerating the filters. + True to throw on error. + The list of filters. + + + + Enumerate filters + + Specify a template for enumerating the filters. + The list of filters. + + + + Enumerate all filters + + True to throw on error. + The list of filters. + + + + Enumerate all filters. + + The list of filters. + + + + Add a filter. + + The builder used to create the filter. + Optional security descriptor. + True to throw on error. + The added filter ID. + + + + Add a filter. + + The builder used to create the filter. + Optional security descriptor. + The added filter ID. + + + + Add a filter. + + The builder used to create the filter. + The added filter ID. + + + + Delete a filter. + + The filter key. + True to throw on error. + The NT status. + + + + Delete a filter. + + The filter key. + + + + Delete a filter. + + The filter ID. + True to throw on error. + The NT status. + + + + Delete a filter. + + The filter ID. + + + + Get a provider by its key. + + The key of the provider. + True to throw on error. + The firewall provider. + + + + Get a provider by its key. + + The key of the provider. + The firewall provider. + + + + Enumerate all providers. + + True to throw on error. + The list of providers. + + + + Enumerate all providers. + + The list of providers. + + + + Get the security descriptor for the IKE SA database. + + What parts of the security descriptor to retrieve + True to throw on error. + The security descriptor + + + + Get the security descriptor for the IKE SA database. + + What parts of the security descriptor to retrieve + The security descriptor + + + + Get the security descriptor for the IKE SA database. + + The security descriptor + + + + Enumerate all IKE security associatations. + + True to throw on error. + The list of IKE security associatations. + + + + Enumerate all IKE security associatations. + + The list of IKE security associatations. + + + + Get an IKE security association by its ID and lookup context. + + The ID of the security association. + Optional lookup context. + True to throw on error. + The IKE security association. + + + + Get an IKE security association by its ID and lookup context. + + The ID of the security association. + Optional lookup context. + The IKE security association. + + + + Classify a layer. + + The ID of the layer. + A list of incoming values. + True to throw on error. + The classify result. + + + + Classify a layer. + + The ID of the layer. + A list of incoming values. + The classify result. + + + + Enumerate IPSEC key managers. + + True to throw on error. + The list of registered key managers. + + + + Enumerate IPSEC key managers. + + The list of registered key managers. + + + + Get key manager component security descriptor. + + The security information to query. + True to throw on error. + The security descriptor. + + + + Get key manager component security descriptor. + + The security information to query. + The security descriptor. + + + + Open token from its modified ID. + + The token's modified ID. + The desired token access. + True to throw on error. + The opened token. + + + + Open token from its modified ID. + + The token's modified ID. + The desired token access. + The opened token. + + + + Enumerate all ALE endpoints. + + True to throw on error. + The list of ALE endpoints. + + + + Enumerate all ALE endpoints. + + The list of ALE endpoints. + + + + Get an ALE endpoint by its ID. + + The ID of the ALE endpoint. + True to throw on error. + The ALE endpoint. + + + + Get an ALE endpoint by its ID. + + The ID of the ALE endpoint. + The ALE endpoint. + + + + Get the ALE endpoint security. + + The security information to query for. + True to throw on error. + The security descriptor. + + + + Get the ALE endpoint security. + + The security information to query for. + The security descriptor. + + + + Enumerate all sessions. + + True to throw on error. + The list of sessions. + + + + Enumerate all sessions. + + The list of sessions. + + + + Enumerate all network events. + + Template to filter down enumeration. + True to throw on error. + The list of network events. + + + + Enumerate all network events. + + True to throw on error. + The list of network events. + + + + Enumerate all network events. + + Template to filter down enumeration. + The list of network events. + + + + Subscribe to read network event.s + + True to throw on error. + Optional template to filter enumeration. + The network event listener. + + + + Subscribe to read network event.s + + Optional template to filter enumeration. + The network event listener. + + + + Subscribe to read network event.s + + True to throw on error. + The network event listener. + + + + Begin a firewall transaction. + + Flags for the transaction. + True to throw on error. + The firewall transaction. + Disposing the transaction will cause it to abort. You should call Commit to use it. + + + + Enumerate all IPsec SA contexts. + + True to throw on error. + The list of SA contexts. + + + + Enumerate all IPsec SA contexts. + + The list of SA contexts. + + + + Get an IPsec SA context by its ID. + + The ID of the IPsec SA context. + True to throw on error. + The IPsec SA context. + + + + Get an IPsec SA context by its ID. + + The ID of the IPsec SA context. + The IPsec SA context. + + + + Begin a firewall transaction. + + Flags for the transaction. + The firewall transaction. + Disposing the transaction will cause it to abort. You should call Commit to use it. + + + + Begin a read/write firewall transaction. + + The firewall transaction. + Disposing the transaction will cause it to abort. You should call Commit to use it. + + + + Dispose the engine. + + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + The security descriptor + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + True to throw on error. + The security descriptor + + + + Engine option to query or set. + + + + + Represents a firewall field schema. + + + + + The field's key. + + + + + The name of the key if known. + + + + + The type of the field. + + + + + The data type of the field. + + + + + Field type. + + + + + A class to represent a firewall filter. + + + + + The filter action type. + + + + + The layer the filter applies to. + + + + + The name of the layer if known. + + + + + The sub-layer the filter applies to. + + + + + The name of the sub-layer if known. + + + + + The flags for the filter. + + + + + List of firewall conditions. + + + + + Original weight of the filter. + + + + + Provider key. + + + + + Provider data. + + + + + Filter identifier. + + + + + Effective weight of the filter. + + + + + Type of filter. + + + + + Key for the callout. + + + + + Name of the callout key if known. + + + + + Is the filter a callout. + + + + + Has the filter got an AppID condition. + + + + + Has the filter got an AppContainer package ID condition. + + + + + Has the filter got a condition to check for a user ID. + + + + + Has the filter got a condition to check for a remote user ID. + + + + + Get a layer for this filter. + + True to throw on error. + The firewall layer. + + + + Get a layer for this filter. + + The firewall layer. + + + + Get a sub-layer for this filter. + + True to throw on error. + The firewall sub-layer. + + + + Get a sub-layer for this filter. + + The firewall sub-layer. + + + + Check if filter has any condition of a specific type. + + The condition type to check. + True if the filter has a condition of the specified type. + + + + Get the filter condition for a GUID. + + The condition type to get. + The filter condition. + + + + Delete the filter. + + True to throw on error. + The NT status. + + + + Delete the filter. + + + + + Convert the filter into a builder so that it can be modified. + + The created builder. + + + + Access rights for a firewall filter. + + + + + A builder to create a new firewall filter. + + + + + The name of the filter. + + + + + The description of the filter. + + + + + The filter key. If empty will be automatically assigned. + + + + + The layer key. + + + + + The sub-layer key. + + + + + Flags for the filter. + + + + + Specify the initial weight. + + You need to specify an EMPTY, UINT64 or UINT8 value. + + + + Specify the action for this filter. + + + + + Specify the filter type GUID when not using a callout. + + + + + Specify callout key GUID when using a callout. + + + + + Specify provider key GUID. + + + + + Constructor. + + + + + Firewall filter condition. + + + + + The match type. + + + + + The key of the field. + + + + + The field key name. + + + + + The value for the condition + + + + + Constructor. + + The condition match type. + The field key. + The value. + + + + Overridden ToString method. + + The condition as a string. + + + + Options for enumerating a filter. + + + + + Specify the key for the layer to search for. + + + + + Specify the provider key. + + + + + Specify the flags for the enumeration. + + + + + Specify the action type. + + + + + Constructor. + + The layer key. + + + + Constructor. + + The ALE layer type.. + + + + Constructor. + + + + + Class to represent a firewall layer object. + + + + + Layer flags. + + + + + Default sub-layer key. + + + + + The layer ID. + + + + + List of fields. + + + + + Is builtin layer. + + + + + Is a user-mode layer. + + + + + Enumerate filters for this layer. + + True to throw on error. + The list of sorted filters. + + + + Enumerate filters for this layer. + + The list of sorted filters. + + + + Flags for a firewall layer. + + + + + Guids for pre-defined firewall layers. + + + + + Firewall filter match type. + + + + + Direction type for a network event. + + + + + Inbound + + + + + Outbound. + + + + + Forwarding + + + + + Loopback. + + + + + Base class for a firewall network event. + + + + + Type of network event. + + + + + Flags for values set. + + + + + Timestamp of the event. + + + + + Type of protocol. + + + + + Local endpoint. + + + + + Remote endpoint. + + + + + IPv6 Scope ID. + + + + + Connection AppID. + + + + + Connection user ID. + + + + + Address family. + + + + + Package SID. + + + + + Class to represent a network event capability allow. + + + + + AppContainer network capability. + + + + + Filter ID. + + + + + Indicates whether the packet originated from (or was heading to) the loopback adapter. + + + + + Class to represent a network event capability drop. + + + + + AppContainer network capability. + + + + + Filter ID. + + + + + Indicates whether the packet originated from (or was heading to) the loopback adapter. + + + + + Class to represent a firewall classification allow. + + + + + Filter ID. + + + + + Layer ID. + + + + + Reason for reauthorizing + + + + + The original profile the connection was received on. + + + + + The profile the error occurred on. + + + + + Indicates the direction of the packet transmission. + + + + + Indicates whether the packet originated from (or was heading to) the loopback adapter. + + + + + Class to represent a firewall classification drop. + + + + + Filter ID. + + + + + Layer ID. + + + + + Reason for reauthorizing + + + + + The original profile the connection was received on. + + + + + The profile the error occurred on. + + + + + Indicates the direction of the packet transmission. + + + + + Indicates whether the packet originated from (or was heading to) the loopback adapter. + + + + + GUID identifier of a vSwitch. + + + + + Transient source port of a packet within the vSwitch. + + + + + Transient destination port of a packet within the vSwitch. + + + + + Template for network event enumeration. + + + + + Start time for events. + + + + + End time for event.s + + + + + Constructor. + + + + + Flags for a network event. + + + + + Class to represent an IKEEXT extended mode failure event. + + + + + Windows error code for the failure + + + + + Point of failure + + + + + Flags for the failure event + + + + + IKE or Authip. + + + + + Extended mode mode state + + + + + Initiator or Responder + + + + + Authentication method + + + + + Hash (SHA thumbprint) of the end certificate corresponding to failures + that happen during building or validating certificate chains. + + + + + LUID for the MM SA + + + + + Quick mode filter ID + + + + + Name of local security principal that was authenticated, if available. + If not available, an empty string will be stored. + + + + + Name of remote security principal that was authenticated, if available. + If not available, an empty string will be stored. + + + + + Array of group SIDs corresponding to the local security principal that + was authenticated, if available. + + + + + Array of group SIDs corresponding to the remote security principal that + was authenticated, if available. + + + + + Class to represent an IKEEXT main mode failure event. + + + + + Windows error code for the failure + + + + + Point of failure + + + + + Flags for the failure event + + + + + IKE or Authip. + + + + + Main mode state + + + + + Initiator or Responder + + + + + Authentication method + + + + + Hash (SHA thumbprint) of the end certificate corresponding to failures + that happen during building or validating certificate chains. + + + + + LUID for the MM SA + + + + + Main mode filter ID + + + + + Name of local security principal that was authenticated, if available. + If not available, an empty string will be stored. + + + + + Name of remote security principal that was authenticated, if available. + If not available, an empty string will be stored. + + + + + Array of group SIDs corresponding to the local security principal that + was authenticated, if available. + + + + + Array of group SIDs corresponding to the remote security principal that + was authenticated, if available. + + + + + Class to represent an IKEEXT quick mode failure event. + + + + + Windows error code for the failure + + + + + Point of failure + + + + + IKE or Authip. + + + + + Main mode state + + + + + Initiator or Responder + + + + + Tunnel or transport mode. + + + + + Main mode filter ID + + + + + Local subnet address and mask. + + + + + Remote subnet address and mask. + + + + + Class to represent an IPsec kernel drop event. + + + + + Failure error code. + + + + + Connection direction. + + + + + Security parameter index. + + + + + Filter ID. + + + + + Layer ID. + + + + + Flags for network events to capture. + + + + + Class to listen for network events. + + + + + Read the next network event. + + Timeout in milliseconds. + Returns null if not event available, otherwise the next event. + + + + Read the next network event. Waiting indefinetely for the event. + + Returns null if not event available, otherwise the next event. + + + + Dispose the listener. + + + + + Type of network event. + + + + + AppContainer capability type. + + + + + Abstract class to represent a firewall object. + + + + + The object's key. + + + + + The object's name. + + + + + The object's description. + + + + + The object's key name. + + + + + The object's security descriptor. + + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + The security descriptor + The firewall engine object must still be open. + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + True to throw on error. + The security descriptor + The firewall engine object must still be open. + + + + Profile ID for the firewall. + + + + + Class to represent a firewall provider. + + + + + Name of the service which implements the provider. + + + + + Flags for the provider. + + + + + Provider data. + + + + + Flags for a firewall provider. + + + + + A firewall value range. + + + + + The low value. + + + + + The high value. + + + + + Overridden ToString method. + + The range as a string. + + + + Right action flags. + + + + + Class to represent a firewall session. + + + + + The session key. + + + + + Name of the session. + + + + + Description of the session. + + + + + Session flags. + + + + + Transaction wait timeout in ms. + + + + + The process ID of the session owner. + + + + + The user SID of the owner. + + + + + The name of the owner. + + + + + Is session kernel mode. + + + + + Constructor. Used when opening a session. + + The name of the session. + The description of the sesion. + Session flags. + Transaction timeout in ms. + + + + Constructor. Used when opening a session. + + Session flags. + + + + Class to represent a firewall sublayer. + + + + + Sub-layer flags. + + + + + The provider key. + + + + + Provider data. + + + + + Weight of the sub-layer. + + + + + Flags for a sub-layer. + + + + + Guids for pre-defined firewall sub-layers. + + + + + Token information for a condition. + + + + + The list of SIDs. + + + + + The list of restricted SIDs. + + + + + Capabilities. + + This is only used for local filtering. It's not used by WFP. + + + + Appcontainer SID. + + This is only used for local filtering. It's not used by WFP. + + + + User SID. + + This is only used for local filtering. It's not used by WFP. + + + + Constructor from a token. + + The token to constructo from. + + + + Constructor. + + The list of SIDs. + The list of restricted SIDs. + + + + Class to scope a firewall transaction. + + + + + Abort the transaction. + + True to throw on error. + The NT status code. + + + + Abort the transaction. + + + + + Commit the transaction. + + True to throw on error. + The NT status code. + + + + Commit the transaction. + + + + + Dispose the transaction. Will ca + + + + + Flags when creating a transaction. + + + + + No flags, creates a read/write transaction. + + + + + Read-only transaction. + + + + + Static class for firewall utility functions. + + + + + Name for fake NT type. + + + + + Name for fake filter NT type. + + + + + Get the NT type for the firewall. + + + + + Get the NT type for the firewall. + + + + + Get the generic mapping for a firewall object. + + The firewall object generic mapping. + + + + Get the generic mapping for a firewall filter object. + + The firewall filter object generic mapping. + + + + Get App ID from a filename. + + The filename to convert. + True to throw on error. + The App ID. + + + + Get App ID from a filename. + + The filename to convert. + The App ID. + + + + Get a list of known layer names. + + The list of known layer names. + + + + Get a list of known layer guids. + + The list of known layer guids. + + + + Get a known layer GUID from its name. + + The name of the layer. + The known layer GUID. + + + + Get a known callout GUID from its name. + + The name of the callout. + The known callout GUID. + + + + Get a list of known sub-layer names. + + The list of known sub-layer names. + + + + Get a list of known callout names. + + The list of known callout names. + + + + Get a list of known sub-layer guids. + + The list of known sub-layer guids. + + + + Get a known sub-layer GUID from its name. + + The name of the sub-layer. + The known sub-layer GUID. + + + + Get a layer GUID for an ALE layer enumeration. + + The ALE layer enumeration. + The ALE layer GUID. + + + + Firewall value. + + + + + Type of the value. + + + + + The raw value. + + + + + The context specific value, might be the same as the original. + + + + + Get a value which represents Empty. + + + + + Create a value from a security descriptor. + + The security descriptor. + The firewall value. + + + + Create a value from a SID. + + The SID. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The IPv4 address. + The IPv4 mask. + The firewall value. + + + + Create a value. + + The IPv6 address. + The prefix length. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a range value. + + The low value. + The high value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Create a value. + + The value. + The firewall value. + + + + Overridden ToString method. + + The value as a string. + + + + Class to represent a certificate credential. + + + + + Certificate subject name. + + + + + Certificatehash. + + + + + Flags. + + + + + Certificate. + + + + + Overridden ToString method. + + The pair as a string. + + + + Class to represent an IKE credential. + + + + + Authentication method type. + + + + + Impersonation type. + + + + + Overridden ToString method. + + The pair as a string. + + + + Structure to represent a pair of credentials. + + + + + Local credentials. + + + + + Peer credentials. + + + + + Overridden ToString method. + + The pair as a string. + + + + IKEEXT EM failure flags. + + + + + Flag indicating that multiple IKE EM failure events have been reported that + should be correlated using the mmId field. + + + + + Flag indicating that the IKE EM failure event is a benign/expected failure + + + + + IKE extended mode states + + + + + Initial state. No EM packets have been sent to the peer yet. + + + + + State corresponding to the first EM roundtrip + + + + + State corresponding to the second EM roundtrip + + + + + State corresponding to the final EM roundtrip + + + + + State corresponding to the final EM roundtrip + + + + + EM has been completed + + + + + IKEEXT MM failure flags. + + + + + Flag indicating that the IKE MM failure event is a benign/expected failure. + + + + + Flag indicating that multiple IKE MM failure events have been reported that + should be correlated using the mmId field. + + + + + IKE main mode states + + + + + Initial state. No MM packets have been sent to the peer yet. + + + + + First roundtrip packet has been sent to the peer. + + + + + Second roundtrip packet has been sent to the peer, for SSPI auth. + + + + + Second roundtrip packet has been sent to the peer. + + + + + Final roundtrip packet has been sent to the peer. + + + + + MM has been completed. + + + + + IKE quick mode states + + + + + Initial state. No QM packets have been sent to the peer yet. + + + + + State corresponding to the first QM roundtrip + + + + + State corresponding to the final QM roundtrip + + + + + QM has been completed. + + + + + IKE main mode or quick mode SA role + + + + + SA is initiator + + + + + SA is responder + + + + + Class to represent an IKE name credential. + + + + + The credential principal name. + + + + + Overridden ToString method. + + The pair as a string. + + + + Class to represent an IKE pre-shared key credential. + + + + + The pre-shared key. + + + + + Key flags. + + + + + Class to represent an IKE security association. + + + + + ID for the security association. + + + + + Key module type. + + + + + The local address of the association. + + + + + The remote address of the association. + + + + + Initiator cookie. + + + + + Responder cookie. + + + + + IKE policy key, + + + + + Virtual interface tunnel ID. + + + + + Correlation key. + + + + + List of credentials. + + + + + Cipher algorithm for the security association. + + + + + Length of the key. + + + + + Number of rounds. + + + + + Integrity algorithm for the security association. + + + + + Maximum lifetime in seconds. + + + + + Diffie-Hellman group. + + + + + Quick mode limit. + + + + + IPsec auth config. + + + + + IPsec authentication type. + + + + + IPsec Cipher Configuration. + + + + + IPSec Cipher Type. + + + + + Type used for indicating where an IPsec failure occured. + + + + + No information available. + + + + + IPsec failure happened on local machine. + + + + + IPsec failure happened on remote machine. + + + + + Class to represent a IPsec identity + + + + + Main-mode target name. + + + + + Extended mode target name. + + + + + List of tokens. + + + + + Explicit credentials handle. + + + + + Logon ID. + + + + + Class to prepresent a key manager. + + + + + The manager's key. + + + + + The manager's name. + + + + + The manager's description. + + + + + The manager's flags. + + + + + The manager's dictation timeout hint. + + + + + Flags for IPsec key manager. + + + + + IPsec perfect forward secrecy group. + + + + + Class to represent the details of an IPsec security association. + + + + + Directory of SA. + + + + + Local endpoint. + + + + + Remote endpoint. + + + + + Traffic type. + + + + + Traffic type ID. + + + + + IP protocol type. + + + + + Interface LUID. + + + + + Real interface profile ID. + + + + + The SA bundle. + + + + + Local IPv4 UDP encapsulation port. + + + + + Remote IPv4 UDP encapsulation port. + + + + + Transport filter. + + + + + Virtual interface tunnel ID. + + + + + Traffic selector ID. + + + + + Overridden ToString method. + + The overridden ToString method. + + + + Class to represent a security association bundle. + + + + + Flags for the SA. + + + + + SA lifetime in seconds. + + + + + SA lifetime in KiB. + + + + + SA lifetime in packets. + + + + + Idle timeout. + + + + + ND allow clear timeout. + + + + + Identity for IPsec SA. + + + + + NAP context. + + + + + Quick-mode SA ID. + + + + + Key module key. + + + + + Key module state blob. + + + + + List of security association parameters. + + + + + Peer V4 private address. + + + + + Main-mode SA ID. + + + + + PFS group. + + + + + SA lookup context. + + + + + QM filter ID. + + + + + IPsec SA bundle flags. + + + + + Negotiation discovery is enabled in secure ring. + + + + + Negotiation discovery in enabled in the untrusted perimeter zone. + + + + + Peer is in untrusted perimeter zone ring and a network address translation (NAT) is in the way. Used with negotiation discovery. + + + + + Indicates that this is an SA for connections that require guaranteed encryption. + + + + + Indicates that this is an SA to an NLB server. + + + + + Indicates that this SA should bypass machine LUID verification. + + + + + Indicates that this SA should bypass impersonation LUID verification. + + + + + Indicates that this SA should bypass explicit credential handle matching. + + + + + Allows an SA formed with a peer name to carry traffic that does not have an associated peer target. + + + + + Clears the DontFragment bit on the outer IP header of an IPsec-tunneled packet. This flag is applicable only to tunnel mode SAs. + + + + + Default encapsulation ports (4500 and 4000) can be used when matching this SA with packets on outbound connections that do not have an associated IPsec-NAT-shim context. + + + + + Peer has negotiation discovery enabled, and is on a perimeter network. + + + + + Suppresses the duplicate SA deletion logic. THis logic is performed by the kernel when an outbound SA is added, to prevent unnecessary duplicate SAs. + + + + + Indicates that the peer computer supports negotiating a separate SA for connections that require guaranteed encryption. + + + + + Class to represent an IPsec security association context. + + + + + ID of the context. + + + + + Inbound security association. + + + + + Outbound security association. + + + + + Base security association class. + + + + + Index of the security parameter (SPI). + + + + + Transform type. + + + + + IPsec SA authentication information. + + + + + Type of authentication. + + + + + Authentication configuration. + + + + + Module ID for the crypto. + + + + + Authentication key. + + + + + IPsec SA authentication information. + + + + + Type of cipher. + + + + + Cipher configuration. + + + + + Module ID for the crypto. + + + + + Cipher key. + + + + + IPsec SA authentication information. + + + + + Type of authentication. + + + + + Authentication configuration. + + + + + Modify ID for the crypto. + + + + + Authentication key. + + + + + Type of cipher. + + + + + Cipher configuration. + + + + + Module ID for the crypto. + + + + + Cipher key. + + + + + Class to represent an IPsec token. + + + + + Type of token. + + + + + Token principal. + + + + + Token mode. + + + + + Handle to the token. + + + + + Get the token from the IKEEXT service. + + True to throw on error. + The token. + + + + Get the token from the IKEEXT service. + + The token. + + + + IPsec traffic type. + + + + + Network interface type. + + See https://www.iana.org/assignments/ianaiftype-mib + + + + Network layer address type. + + + + + Type of network tunnel. + + + + + Endpoint implementation for a HyperV socket. + + + + + Address family. + + + + + Protocol type for HyperV sockets. + + + + + Default constructor. + + + + + Constructor. + + + + + Get or set the service ID. + + + + + Get or set the VM ID. + + + + + Address family. + + + + + Serialize the socket address. + + The serialized address. + + + + Create a endpoint from a socket address. + + The socket address. + The created endpoint. + + + + Overridden ToString method. + + The endpoint as a string. + + + + Overridden equals method. + + The object to compare. + True if the objects are equal. + + + + Get endpoint hash code. + + The hashcode. + + + + GUIDs for HyperV Sockets. + + + + + Allows accepting connections from all partitions. + + + + + Broadcast. Send to all sockets. + + + + + Allows accepting connections form all child partitions. + + + + + Connect or bind to the loopback address. + + + + + Connect to the parent container. + + + + + Connect to the silo host container. + + + + + VSOCK template GUID. + + + + + Create an address for a VSOCK port. + + The VSOCK port. + The address. + + + + Checks if an address is a VSOCK address. + + The address to check. + True if a VSOCK address. + + + + Get the port for a VSOCK address. + + The address to query. + The VSOCK port. + Throw if not a valid VSOCK address. + + + + Convert an address to a string. + + The address to convert. + The converted address. If not symbolic name found will return the GUID as a string. + + + + Class to represent current socket security configuration. + + + + + Access token for the peer application. + + + + + Access token for the peer machine. + + + + + Socket security flags. + + + + + Security association ID for main mode. + + + + + Security association ID for quick mode. + + + + + Negotiation windows error. + + + + + Security association lookup context. Can be used to bypass security + checks for querying the security association information from the + firewall. + + + + + Dispose method. + + + + + Socket security IPsec flags. + + + + + Flags for querying socket security fields. + + + + + Flags for querying socket security information. + + + + + Socket security query flags. + + + + + Socket security setting flags. + + + + + Settings for socket security + + + + + The security flags. + + + + + The IPsec flags. + + + + + AuthIP MM policy key. + + + + + AuthIP QM policy key. + + + + + User credentials. + + + + + Authentication ID of a user, needs kernel mode to set. + + + + + Utilities for socket security. + + + + + Impersonate the socket's peer. + + The socket to impersonate. + Optional peer address. Only needed for datagram sockets. + True to throw on error. + The impersonation context. + + + + Impersonate the socket's peer. + + The socket to impersonate. + Optional peer address. Only needed for datagram sockets. + The impersonation context. + + + + Impersonate the socket's peer. + + The TCP client to impersonate. + True to throw on error. + The impersonation context. + + + + Impersonate the socket's peer. + + The TCP client to impersonate. + The impersonation context. + + + + Query the socket security information. + + The socket to query. + Optional peer address. Only needed for datagram sockets. + Optional desired access for peer tokens. If set to None then no tokens will be returned. + True to throw on error. + The socket security information. + + + + Query the socket security information. + + The socket to query. + Optional peer address. Only needed for datagram sockets. + Optional desired access for peer tokens. If set to None then no tokens will be returned. + The socket security information. + + + + Query the socket security information. + + The TCP client to query. + Optional desired access for peer tokens. If set to None then no tokens will be returned. + True to throw on error. + The socket security information. + + + + Query the socket security information. + + The TCP client to query. + Optional desired access for peer tokens. If set to None then no tokens will be returned. + The socket security information. + + + + Set the socket security information. + + The socket to set. + The security settings. + True to throw on error. + The NT status code. + + + + Set the socket security information. + + The socket to set. + The security settings. + + + + Set the socket security information. + + The TCP listener to set. + The security settings. + True to throw on error. + The NT status code. + + + + Set the socket security information. + + The TCP listener to set. + The security settings. + + + + Set the socket security information. + + The TCP client to set. + The security settings. + True to throw on error. + The NT status code. + + + + Set the socket security information. + + The TCP client to set. + The security settings. + + + + Set target peer for socket. + + The socket to set. + The target name. + Optional peer address. Only needed for datagram sockets. + True to throw on error. + The NT status code. + + + + Set target peer for socket. + + The socket to set. + The target name. + Optional peer address. Only needed for datagram sockets. + + + + Set target peer for socket. + + The socket to set. + The target name. + True to throw on error. + The NT status code. + + + + Set target peer for socket. + + The socket to set. + The target name. + + + + Set target peer for socket. + + The socket to set. + The target name. + True to throw on error. + The NT status code. + + + + Set target peer for socket. + + The socket to set. + The target name. + + + + Delete target peer for socket. + + The socket to set. + Peer address. + True to throw on error. + The NT status code. + + + + Security protocol for a socket. + + + + + Endpoint implementation for a AF_UNIX socket. + + + + + Default constructor. + + + + + Constructor. + + The path to the unix socket. + + + + Get or set the path. + + + + + Address family. + + + + + Serialize the socket address. + + The serialized address. + + + + Create a endpoint from a socket address. + + The socket address. + The created endpoint. + + + + Overridden ToString method. + + The endpoint as a string. + + + + Overridden equals method. + + The object to compare. + True if the objects are equal. + + + + Get endpoint hash code. + + The hashcode. + + + + A class to represent a TLS record. + + + + + TLS record type. + + + + + Version of protocol. + + + + + The record data. + + + + + Parse a TLS record from a binary reader. + + The reader to read from. + The parsed TLS record. + + + + Parse a TLS record from a byte array. + + The byte array. + The parsed TLS record. + + + + Type for a TLS record. + + + + + Change cipher spec. + + + + + Alert. + + + + + Handshake. + + + + + Application data. + + + + + Class to represent an ALPC port. + + + + + Disconnect this port. + + Disconection flags. + True to throw on error. + The NT status code. + + + + Disconnect this port. + + Disconection flags. + + + + Disconnect this port. + + + + + Cancel a message based on a context attribute. + + Cancellation flags. + The context attributes. + True to throw on error. + The NT status code. + + + + Cancel a message based on a context attribute. + + Cancellation flags. + The context attributes. + + + + Cancel a message based on a context attribute. + + The context attributes. + + + + Send and receive messages on an ALPC port. + + Send/Receive flags. + The message to send. Optional. + The attributes to send with the message. Optional. + The message to receive. Optional. + The attributes to receive with the message. Optional. + Time out for the send/receive. + True to throw on error. + The NT status code. + The attribute parameters will be repopulated with the attribute results. + + + + Send and receive messages on an ALPC port. + + Send/Receive flags. + The message to send. Optional. + The attributes to send with the message. Optional. + The message to receive. Optional. + The attributes to receive with the message. Optional. + Time out for the send/receive. + True if completed successfully, false if timed out. + Thrown on error. + + + + Send a message on an ALPC port. + + Send flags. + The message to send. Optional. + The attributes to send with the message. Optional. + Time out for the send/receive. + True to throw on error. + The NT status code. + The attribute parameters will be repopulated with the attribute results. + + + + Send a message on an ALPC port. + + Send flags. + The message to send. Optional. + The attributes to send with the message. Optional. + Time out for the send/receive. + The attribute parameters will be repopulated with the attribute results. + True if completed successfully, false if timed out. + Thrown on error. + + + + Send a message on an ALPC port. + + Send flags. + The message to send. Optional. + The attribute parameters will be repopulated with the attribute results. + + + + Receive a message on an ALPC port. + + Receive flags. + The maximum length to receive. + The attributes to receive with the message. Optional. + Time out for the send/receive. + True to throw on error. + The received message. + The attribute parameters will be repopulated with the attribute results. + + + + Receive a message on an ALPC port. + + Receive flags. + The maximum length to receive. + The attributes to receive with the message. Optional. + Time out for the send/receive. + The received message. + The attribute parameters will be repopulated with the attribute results. + + + + Receive a message on an ALPC port. + + Receive flags. + The maximum length to receive. + The attributes to receive with the message. Optional. + The received message. + The attribute parameters will be repopulated with the attribute results. + + + + Receive a message on an ALPC port. + + Receive flags. + The maximum length to receive. + The received message. + The attribute parameters will be repopulated with the attribute results. + + + + Receive a message on an ALPC port. + + Receive flags. + The attributes to receive with the message. Optional. + Time out for the send/receive. + True to throw on error. + The received message. + The attribute parameters will be repopulated with the attribute results. + The type of structure to receive. + + + + Receive a message on an ALPC port. + + Receive flags. + The attributes to receive with the message. Optional. + Time out for the send/receive. + The attribute parameters will be repopulated with the attribute results. + The type of structure to receive. + + + + Receive a message on an ALPC port. + + Receive flags. + The attributes to receive with the message. Optional. + The attribute parameters will be repopulated with the attribute results. + The type of structure to receive. + + + + Receive a message on an ALPC port. + + Receive flags. + The type of structure to receive. + + + + Impersonate client of port for a message. + + The message send by the client. + Impersonation flags. + Required impersonation level. Need to set RequiredImpersonationLevel flag as well. + True to throw on error. + Thread impersonation context. + + + + Impersonate client of port for a message. + + The message send by the client. + Impersonation flags. + Required impersonation level. Need to set RequiredImpersonationLevel flag as well. + Thread impersonation context. + + + + Impersonate client of port for a message. + + The message send by the client. + Thread impersonation context. + + + + Impersonate client container of port for a message. + + The message send by the client. + Impersonation flags. + True to throw on error. + Thread impersonation context. + + + + Impersonate client container of port for a message. + + The message send by the client. + Impersonation flags. + Thread impersonation context. + + + + Impersonate client container of port for a message. + + The message send by the client. + Thread impersonation context. + + + + Open the process of the message sender. + + The sent message. + Optional flags. Currently none defined. + The desired access for the process. + Optional object attributes. + True to throw on error. + The opened process object. + + + + Open the process of the message sender. + + The sent message. + Optional flags. Currently none defined. + The desired access for the process. + Optional object attributes. + The opened process object. + + + + Open the process of the message sender. + + The sent message. + The desired access for the process. + The opened process object. + + + + Open the process of the message sender with maximum privileges. + + The sent message. + The opened process object. + + + + Open the thread of the message sender. + + The sent message. + Optional flags. Currently none defined. + The desired access for the thread. + Optional object attributes. + True to throw on error. + The opened thread object. + + + + Open the thread of the message sender. + + The sent message. + Optional flags. Currently none defined. + The desired access for the thread. + Optional object attributes. + The opened thread object. + + + + Open the thread of the message sender. + + The sent message. + The desired access for the thread. + The opened thread object. + + + + Open the thread of the message sender with maximum privileges. + + The sent message. + The opened thread object. + + + + Associate an IO completion port with this ALPC port. + + The IO completion object. + Optional completion key. + True to throw on error. + The NT status code. + + + + Associate an IO completion port with this ALPC port. + + The IO completion object. + Optional completion key. + The NT status code. + + + + Check if the current SID matches the connected SID. + + The SID to compare. + True to throw on error. + True if the connected SID matches the specified SID. + + + + Check if the current SID matches the connected SID. + + The SID to compare. + True if the connected SID matches the specified SID. + + + + Create a new port section. + + Flags for the port section. + Optional backing section. + Size of the section to create. + True to throw on error. + The created port section. + + + + Create a new port section. + + Flags for the port section. + Optional backing section. + Size of the section to create. + The created port section. + + + + Create a new port section. + + Flags for the port section. + Size of the section to create. + The created port section. + + + + Create a new port section. + + Size of the section to create. + The created port section. + + + + Get a handle entry for a message. + + The handle index to get. + The associated message. + True to throw on error. + The ALPC handle entry. + + + + Get a handle entry for a message. + + The handle index to get. + The associated message. + The ALPC handle entry. + + + + Create a security context. + + Flags for the creation. + Security quality of service. + True to throw on error. + The created security context. + + + + Create a security context. + + Flags for the creation. + Security quality of service. + The created security context. + + + + Create a security context. + + Security quality of service. + The created security context. + + + + Create a security context. + + The created security context. + + + + Set port attribute flags. + + The flags to set. + True to throw on error. + The NT status code. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Port flags. + + + + + Port sequence number. + + + + + Port context. + + + + + Class to represent an ALPC client port. + + + + + Connect to an ALPC port. + + The path to the port. + Object attributes for the handle. Optional. + Attributes for the port. Optional. + Send flags for the initial connection message. + Required SID for the server. + Initial connection message. + Outbound message attributes. + Inbound message atributes. + Connect timeout. + True to throw on error. + The connected ALPC port. + + + + Connect to an ALPC port. + + The path to the port. + Object attributes for the handle. Optional. + Attributes for the port. Optional. + Send flags for the initial connection message. + Required SID for the server. + Initial connection message. + Outbound message attributes. + Inbound message atributes. + Connect timeout. + The connected ALPC port. + Thrown on error. + + + + Connect to an ALPC port. + + The name of the port to connect to. + Attributes for the port. + The connected ALPC port object. + + + + Connect to an ALPC port. + + Object attribute for the port name. + Object attributes for the handle. Optional. + Attributes for the port. Optional. + Send flags for the initial connection message. + Required security descriptor for the server. + Initial connection message. + Outbound message attributes. + Inbound message atributes. + Connect timeout. + True to throw on error. + The connected ALPC port. + Only available on Windows 8+. + + + + Connect to an ALPC port. + + Object attribute for the port name. + Object attributes for the handle. Optional. + Attributes for the port. Optional. + Send flags for the initial connection message. + Required security descriptor for the server. + Initial connection message. + Outbound message attributes. + Inbound message atributes. + Connect timeout. + The connected ALPC port. + Thrown on error. + + + + Connect to an ALPC port. + + Object attribute for the port name. + Attributes for the port. + The connected ALPC port object. + + + + Get the server process information. + + True to throw on error. + The process information. + + + + Get the server process information. + + The process information. + + + + Get the server process ID. + + + + + Get the server session ID. + + + + + Class to represent an ALPC server port. + + + + + Create an ALPC port. + + The object attributes for the port. + The attributes for the port. + True to throw on error. + The created object. + + + + Create an ALPC port. + + The object attributes for the port. + The attributes for the port. + The created object. + Thrown on error. + + + + Create an ALPC port. + + The name of the port to create. + The attributes for the port. + The created object. + Thrown on error. + + + + Accept a new connection on a port. + + The message send flags. + Object attributes. Optional. + The attributes for the port. + Port context. Optional. + Connect request message. + Connect request attributes. + True to accept the connection. + True to throw on error. + The accepted port. + + + + Accept a new connection on a port. + + The message send flags. + Object attributes. Optional. + The attributes for the port. + Port context. Optional. + Connect request message. + Connect request attributes. + True to accept the connection. + The accepted port. + + + + Accept a new connection on a port. + + The message send flags. + Connect request message. + Connect request attributes. + True to accept the connection. + The accepted port. + + + + Access rights for ALPC + + + + + ALPC Port Information Class + + + + + If set then object duplication won't complete. Used by RPC to ensure + multi-handle attributes don't fail when receiving. + + + + + Use in a reply to release the view. + + + + + Automatically release the view once it's passed to the receiver. + + + + + Make the data view secure. + + + + + When used all structures passed to kernel need to be 64 bit versions. + + + + + Static utilities for ALPC. + + + + + Wait for the result to complete. This could be waiting on an event + or the file handle. + + Wait timeout. Will cancel the operation if it times out. + Returns true if the wait completed successfully. + If true is returned then status and information can be read out. + + + + Wait for the result to complete asynchronously. This could be waiting on an event + or the file handle. + + Cancellation token. + Returns true if the wait completed successfully. + If true is returned then status and information can be read out. + + + + Return the status information field. + + Thrown if not complete. + + + + Return the status information field. (32 bit) + + Thrown if not complete. + + + + Get completion status code. + + Thrown if not complete. + + + + Returns true if the call is pending. + + + + + Dispose object. + + + + + Reset the file result so it can be reused. + + + + + Cancel the pending IO operation. + + + + + Cancel the pending IO operation. + + True to throw on error. + The NT status code. + + + + Class to handle NT atoms + + + + + Add a global atom name + + The name to add + Flags for the add. + True to throw on error. + A reference to the atom + + + + Add a global atom name + + The name to add + Flags for the add. + A reference to the atom + + + + Add a global atom name + + The name to add + True to throw on error. + A reference to the atom + + + + Add a global atom name + + The name to add + A reference to the atom + + + + Find a global atom by name. + + The name of the atom. + True to throw on error. + The found atom. + + + + Find a global atom by name. + + The name of the atom. + The found atom. + + + + Query if a global atom exists. + + The atom to check. + True if the atom exists. + + + + Query if the atom exists. + + The atom to check. + Specify true to check for a global atom, otherwise gets a user atom. + True if the atom exists. + + + + Open a global atom by number. + + The atom to open. + True to check atom exists. + True to open a global atom, otherwise a user atom. + True to throw on error. + The atom object. + + + + Open a global atom by number. + + The atom to open. + True to check atom exists. + True to throw on error. + The atom object. + + + + Open a global atom by number. + + The atom to open. + True to check atom exists. + The atom object. + + + + Open a global atom by number. + + The atom to open. + The atom object. + + + + Enumerate all atoms. + + An enumeration of all atoms on the system. + + + + Enumerate all global atoms. + + An enumeration of all atoms on the system. + + + + Delete a global atom. + + True to throw on error. + The NT status code. + + + + Delete a global atom. + + + + + Get the name of the atom. + + True to throw on error. + The name of the atom. + + + + The atom value + + + + + Get the name of the atom. + + The name of the atom + + + + If true indicates this is a global atom, otherwise it's a user atom. + + + + + Class representing a NT Debug object + + + + + Create a debug object + + The debug object name (can be null) + The root directory for relative names + Debug object flags. + The debug object + + + + Create a debug object + + Desired access for the debug object + Object attributes for debug object + Debug object flags. + The debug object + + + + Create a debug object + + Desired access for the debug object + Object attributes for debug object + Debug object flags. + True to throw an exception on error. + The NT status code and object result. + + + + Create a debug object + + The debug object + + + + Open a named debug object + + The debug object name + The root directory for relative names + Desired access for the debug object + The debug object + + + + Open a named debug object + + The object attributes to open. + Desired access for the debug object + The debug object + + + + Open a named debug object + + The object attributes to open. + Desired access for the debug object + True to throw an exception on error. + The NT status code and object result. + + + + Open the current thread's debug object. + + True to throw on error. + The opened debug object. Returns null if no object exists. + + + + Open the current thread's debug object. Returns null if no object exists. + + + + + Attach to an active process. + + The process to debug. + True to throw on error. + The NT status code. + + + + Attach to an active process. + + The process ID to debug. + True to throw on error. + The NT status code. + + + + Attach to an active process. + + The process to debug. + + + + Attach to an active process. + + The process ID to debug. + + + + Detach a process from this debug object. + + The process to remove. + True to throw on error. + The NT status code. + + + + Detach a process from this debug object. + + The process to remove. + + + + Detach a process from this debug object. + + The process ID to remove. + True to throw on error. + The NT status code. + + + + Detach a process from this debug object. + + The process ID to remove. + + + + Set kill process on close flag. + + The flag state. + True to throw on error. + The NT status code. + + + + Set kill process on close flag. + + The flag state. + + + + Continue the debugged process. + + The client ID for the process and thread IDs. + The continue status code. + True to throw on error. + The NT status code. + + + + Continue the debugged process. + + The process ID to continue. + The thread ID to continue. + The continue status code. + True to throw on error. + The NT status code. + + + + Continue the debugged process. + + The client ID for the process and thread IDs. + The continue status code. + + + + Continue the debugged process. + + The process ID to continue. + The thread ID to continue. + The continue status code. + + + + Continue the debugged process with a success code. + + The process ID to continue. + The thread ID to continue. + + + + Wait for a debug event. + + True to set the thread as alertable. + Wait timeout. + True to throw on error. + The debug event. + + + + Wait for a debug event. + + True to set the thread as alertable. + Wait timeout. + The debug event. + + + + Wait for a debug event. + + Wait timeout. + The debug event. + + + + Wait for a debug event. + + Wait timeout in milliseconds. + The debug event. + + + + Wait for a debug event. + + The debug event. + + + + Class which represents a desktop object. + + + + + Open a desktop by name. + + The object attributes for opening. + Flags for opening the desktop. + Desired access. + True to throw on error. + The instance of the desktop. + Thrown on error. + + + + Open a desktop by name. + + The object attributes for opening. + Flags for opening the desktop. + Desired access. + The instance of the desktop. + Thrown on error. + + + + Open a desktop by name. + + The name of the desktop. + Optional root object + An instance of NtDesktop. + Thrown on error. + + + + Open a desktop by name. + + The name of the desktop. + An instance of NtDesktop. + + + + Create a new desktop. + + The object attributes for opening. + Flags for opening the desktop. + Desired access. + True to throw on error. + Device name. + Device mode. + Heap size. + An instance of NtDesktop. + + + + Create a new desktop. + + The object attributes for opening. + Flags for opening the desktop. + Desired access. + Device name. + Device mode. + Heap size. + An instance of NtDesktop. + + + + Create a new desktop. + + The name of the desktop. + Optional root object + An instance of NtDesktop. + + + + Create a new desktop. + + The name of the desktop. + An instance of NtDesktop. + + + + Get the desktop for a thread. + + The thread ID of the thread. + True to throw on error. + The desktop result. + + + + Get the desktop for a thread. + + The thread ID of the thread. + The desktop result. + + + + Get desktop for current thread. + + + + + Get list of top level Windows for this Desktop. + + + + + Close the Desktop. This is different from normal Close as it destroys the Desktop. + + True to throw on error. + The NT status. + + + + NT Directory Object class + + + + + Open a directory object + + The object attributes to use for the open call. + Access rights for directory object + True to throw an exception on error. + The NT status code and object result. + Thrown on error and throw_on_error is true. + + + + Open a directory object + + The object attributes to use for the open call. + Access rights for directory object + The directory object + Throw on error + + + + Open a directory object by name + + The directory object to open + Optional root directory to parse from + Access rights for directory object + The directory object + Throw on error + + + + Open a directory object by name + + The directory object to open + Optional root directory to parse from + Access rights for directory object + True to throw an exception on error. + The directory object + Throw on error + + + + Open a directory object by full name + + The directory object to open + The directory object + Throw on error + + + + Create a directory object with a shadow + + The object attributes to create the directory with + The desired access to the directory + The shadow directory + Flags for creation. + True to throw an exception on error. + The NT status code and object result. + Thrown on error and throw_on_error is true. + + + + Create a directory object with a shadow + + The object attributes to create the directory with + The desired access to the directory + The shadow directory + True to throw an exception on error. + The NT status code and object result. + Thrown on error and throw_on_error is true. + + + + Create a directory object with a shadow + + The object attributes to create the directory with + The desired access to the directory + The shadow directory + Flags for creation. + The directory object + Thrown on error + + + + Create a directory object with a shadow + + The object attributes to create the directory with + The desired access to the directory + The shadow directory + The directory object + Thrown on error + + + + Create a directory object + + The directory object to create, if null will create a unnamed directory object + The desired access to the directory + Root directory from where to start the creation operation + The directory object + Thrown on error + + + + Create a directory object with a shadow + + The directory object to create, if null will create a unnamed directory object + The desired access to the directory + Root directory from where to start the creation operation + The shadow directory + The directory object + Thrown on error + + + + Create a directory object + + The directory object to create, if null will create a unnamed directory object + The directory object + Thrown on error + + + + Open a session directory. + + The session ID to open + Sub directory to open. + Desired access to open directory. + The directory object + Thrown on error + + + + Open the current session directory. + + The directory object + Thrown on error + + + + Open the current session directory. + + The directory object + Thrown on error + + + + Open basenamedobjects for a session. + + The session ID to open + The directory object + Thrown on error + + + + Open basenamedobjects for current session. + + The directory object + Thrown on error + + + + Get the based named object's directory for a session. + + The session ID + The based named object's directory. + + + + Get the based named object's directory for the current session. + + The based named object's directory. + + + + Get the a session's Windows object directory. + + The session id to use. + The path to the windows object directory. + + + + Get the current session's Windows object directory. + + The path to the windows object directory. + + + + Get the a session's Window Stations object directory. + + The session id to use. + The path to the window stations object directory. + + + + Get the current session's Window Stations object directory. + + The path to the window stations object directory. + + + + Open dos devices directory for a token. + + The directory object + Thrown on error + + + + Open dos devices directory for current effective token. + + The directory object + Thrown on error + + + + Create a private namespace directory. + + Object attributes for the directory + Boundary descriptor for the namespace + Desired access for the directory + True to throw an exception on error. + The directory object + Thrown on error + + + + Create a private namespace directory. + + Object attributes for the directory + Boundary descriptor for the namespace + Desired access for the directory + The directory object + Thrown on error + + + + Create a private namespace directory. + + Boundary descriptor for the namespace + The directory object + Thrown on error + + + + Open a private namespace directory. + + Object attributes for the directory + Boundary descriptor for the namespace + Desired access for the directory + True to throw an exception on error. + The directory object + Thrown on error + + + + Open a private namespace directory. + + Object attributes for the directory + Boundary descriptor for the namespace + Desired access for the directory + The directory object + Thrown on error + + + + Open a private namespace directory. + + Boundary descriptor for the namespace + The directory object + Thrown on error + + + + Returns whether a directory exists for this path. + + The path to the entry. + The root directory. + True if the directory exists for the specified path. + + + + Get the type of a directory entry by path. + + The path to the directory entry + The root object to look up if path is relative + The type name, or null if it can't be found. + + + + Query the directory for a list of entries. + + The list of entries. + Thrown on error + + + + Visit all accessible directories under this one. + + A function to be called on every accessible directory. Return true to continue enumeration. + Specify the desired access for the directory + True to recurse into sub directories. + Specify max recursive depth. -1 to not set a limit. + True if all children were visited. + + + + Visit all accessible directories under this one. + + A function to be called on every accessible directory. Return true to continue enumeration. + + + + Visit all accessible directories under this one. + + A function to be called on every accessible directory. Return true to continue enumeration. + True to recurse into sub directories. + + + + Visit all accessible directories under this one. + + A function to be called on every accessible directory. Return true to continue enumeration. + Specify the desired access for the directory + True to recurse into sub directories. + + + + Deletes a private namespace. If not a private namespace this does nothing. + + + + + Deletes a private namespace. If not a private namespace this does nothing. + + True to throw on error. + The NT status code. + + + + Get a directory entry based on a name. + + The name of the entry. + The typename to verify against, can be null. + True if look up is case sensitive. + The directory entry, or null if it can't be found. + + + + Get a directory entry based on a name. + + The name of the entry. + The directory entry, or null if it can't be found. + + + + Check whether a directory is exists relative to the current directory. + + Relative path to directory + True if the directory exists. + + + + Set the session ID for this directory to the current session. + + True to throw on error. + The NT status code. + Thrown on error. + Needs SeTcbPrivilege. + + + + Set the session object for this directory to the current session. + + True to throw on error. + The NT status code. + Thrown on error. + Needs SeTcbPrivilege. + + + + Returns whether this object is a container. + + + + + Directory access rights. + + + + + Base class to implement an enclave. + + + + + The base address of the enclave. + + + + + The type of enclave. + + + + + Dispose of the enclave. + + + + + Close the enclave. + + + + + Call a method in the enclave. + + The routine address to call. + The parameter to pass to the routine. + True to wait for a free thread. + True to throw on error. + The return value from the call. + + + + Call a method in the enclave. + + The routine address to call. + The parameter to pass to the routine. + True to wait for a free thread. + The return value from the call. + + + + Type of enclave. + + + + + Class to represent a VBS enclave. + + + + + Create a VBS enclave. + + The process to create the enclave in. + Size of the enclave. + Flags for the enclave. + Owner ID. Must be 32 bytes. + True to throw on error. + The created enclave. + + + + Create a VBS enclave. + + The process to create the enclave in. + Size of the enclave. + Flags for the enclave. + Owner ID. Must be 32 bytes. + The created enclave. + + + + Get a procedure address in the loaded enclave. + + The name of the procedure. + True to throw on error. + The address of the procedure. + + + + Get a procedure address in the loaded enclave. + + The name of the procedure. + The address of the procedure. + + + + Terminate the enclave. + + Flags for the terminate. + True to throw on error. + The NT status code. + + + + Terminate the enclave. + + Flags for the terminate. + The NT status code. + + + + Load a module into the enclave. + + The name of the module + Flags or path. + True to throw on error. + The NT status. + + + + Load a module into the enclave. + + The name of the module + Flags or path. + The NT status. + + + + Initialize the enclave. + + The number of threads to create. + True to throw on error. + The number of created threads. + + + + Initialize the enclave. + + The number of threads to create. + The number of created threads. + + + + Dispose of the enclave. + + + + + Class to represent a kernel transaction enlistment. + + + + + Create a new enlistment object. + + The object attributes + Desired access for the handle + Resource manager to handle the enlistment. + The transaction to enlist. + Optional create options. + Notification mask. + Enlistment key returned during notification. + True to throw an exception on error. + The created enlistment and NT status code. + + + + Create a new enlistment object. + + The object attributes + Desired access for the handle + Resource manager to handle the enlistment. + The transaction to enlist. + Optional create options. + Notification mask. + Enlistment key returned during notification. + The created enlistment. + + + + Open a existing new enlistment object. + + The object attributes + Desired access for the handle + Resource manager handling the enlistment. + ID of the enlistment to open. + True to throw an exception on error. + The opened enlistment and NT status code. + + + + Open a existing new enlistment object. + + The object attributes + Desired access for the handle + Resource manager handling the enlistment. + ID of the enlistment to open. + The opened enlistment. + + + + Get a default mask for creating an enlistment object. + + The creation option to get default mask for. + A default working mask. + + + + Commit complete enlistment. + + Optional virtual clock value. + True to throw on error. + The NT status code. + + + + Commit enlistment. + + Optional virtual clock value. + True to throw on error. + The NT status code. + + + + Preprepare complete enlistment. + + Optional virtual clock value. + True to throw on error. + The NT status code. + + + + Preprepare enlistment. + + Optional virtual clock value. + True to throw on error. + The NT status code. + + + + Prepare complete enlistment. + + Optional virtual clock value. + True to throw on error. + The NT status code. + + + + Prepare enlistment. + + Optional virtual clock value. + True to throw on error. + The NT status code. + + + + Rollback complete enlistment. + + Optional virtual clock value. + True to throw on error. + The NT status code. + + + + Rollback enlistment. + + Optional virtual clock value. + True to throw on error. + The NT status code. + + + + Read only enlistment. + + Optional virtual clock value. + True to throw on error. + The NT status code. + + + + Recover enlistment. + + Optional virtual clock value. + True to throw on error. + The NT status code. + + + + Single phase reject enlistment. + + Optional virtual clock value. + True to throw on error. + The NT status code. + + + + Commit complete enlistment. + + Optional virtual clock value. + + + + Commit enlistment. + + Optional virtual clock value. + + + + Preprepare complete enlistment. + + Optional virtual clock value. + + + + Preprepare enlistment. + + Optional virtual clock value. + + + + Prepare complete enlistment. + + Optional virtual clock value. + + + + Prepare enlistment. + + Optional virtual clock value. + + + + Rollback complete enlistment. + + Optional virtual clock value. + + + + Rollback enlistment. + + Optional virtual clock value. + + + + Read only enlistment. + + Optional virtual clock value. + + + + Recover enlistment. + + Optional virtual clock value. + + + + Single phase reject enlistment. + + Optional virtual clock value. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Get enlistment ID. + + + + + Get associated transaction ID. + + + + + Get resource manager ID. + + + + + Get CRM enlistment ID. + + + + + Get CRM transaction manager ID. + + + + + Get CRM resource manager ID. + + + + + Get or set recovery information. + + + + + Class to represent an NT trace GUID. + + + + + Class representing a NT Event object + + + + + Create an event object + + The path to the event + The root object for relative path names + The type of the event + The initial state of the event + True to throw on error. + The event object + + + + Create an event object + + The path to the event + The root object for relative path names + The type of the event + The initial state of the event + The event object + + + + Create an event object + + The event object attributes + The type of the event + The initial state of the event + The desired access for the event + The event object + + + + Create an event object + + The event object attributes + The type of the event + The initial state of the event + The desired access for the event + True to throw an exception on error. + The NT status code and object result. + + + + Create an event object + + The path to the event + The type of the event + The initial state of the event + The event object + + + + Open an event object + + The path to the event + The root object for relative path names + The desired access for the event + The event object + + + + Open an event object + + The event object attributes + The desired access for the event + The event object. + + + + Open an event object + + The event object attributes + The desired access for the event + True to throw an exception on error. + The NT status code and object result. + + + + Open an event object + + The path to the event + The root object for relative path names + The event object + + + + Open an event object + + The path to the event + The event object + + + + Set the event state + + True to throw an exception on error. + The previous state of the event and NT status. + + + + Set the event state + + The previous state of the event + + + + Clear the event state + + True to throw an exception on error. + The NT status code. + + + + Clear the event state + + + + + Pulse the event state. + + True to throw an exception on error. + The previous state of the event and NT status. + + + + Pulse the event state. + + The previous state of the event + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Get event type. + + + + + Get current event state. + + + + + Type of Event object. + + + + + Manual reset event. + + + + + Automatic reset event. + + + + + Exception class representing an NT status error. + + + + + Constructor + + Status result + + + + Returns the contained NT status code + + + + + Returns a string form of the NT status code. + + + + + Class representing a NT File object + + + + + Create a new file + + The object attributes + Desired access for the file + Attributes for the file + Share access for the file + Open options for file + Disposition when opening the file + Extended Attributes buffer + Optional allocation size. + True to throw an exception on error. + The NT status code and object result. + + + + Create a new file + + The object attributes + Desired access for the file + Attributes for the file + Share access for the file + Open options for file + Disposition when opening the file + Extended Attributes buffer + Optional allocation size. + The created/opened file object. + + + + Create a new file + + The object attributes + Desired access for the file + Attributes for the file + Share access for the file + Open options for file + Disposition when opening the file + Extended Attributes buffer + True to throw an exception on error. + The NT status code and object result. + + + + Create a new file + + The object attributes + Desired access for the file + Attributes for the file + Share access for the file + Open options for file + Disposition when opening the file + Extended Attributes buffer + The created/opened file object. + + + + Create a new file + + The path to the file + A root object to parse relative filenames + Desired access for the file + Attributes for the file + Share access for the file + Open options for file + Disposition when opening the file + Extended Attributes buffer + True to throw an exception on error. + The created/opened file object. + + + + Create a new file + + The path to the file + A root object to parse relative filenames + Desired access for the file + Attributes for the file + Share access for the file + Open options for file + Disposition when opening the file + Extended Attributes buffer + The created/opened file object. + + + + Create a new file + + The path to the file + Desired access for the file + Share access for the file + Open options for file + Disposition when opening the file + Extended Attributes buffer + The created/opened file object. + + + + Create a new named pipe file + + The object attributes + Desired access for the file + Share access for the file + Open options for file + Disposition when opening the file + Pipe completion mode + Default timeout + Input quota + Maximum number of instances (-1 for infinite) + Output quota + Type of pipe to create + Pipe read mode + True to throw an exception on error. + The NT status code and object result. + Thrown on error. + + + + Create a new named pipe file + + The object attributes + Desired access for the file + Share access for the file + Open options for file + Disposition when opening the file + Pipe completion mode + Default timeout + Input quota + Maximum number of instances (-1 for infinite) + Output quota + Type of pipe to create + Pipe read mode + The file instance for the pipe. + Thrown on error. + + + + Create a new named pipe file + + The path to the pipe file + A root object to parse relative filenames + Desired access for the file + Share access for the file + Open options for file + Disposition when opening the file + Pipe completion mode + Default timeout + Input quota + Maximum number of instances (-1 for infinite) + Output quota + Type of pipe to create + Pipe read mode + True to throw an exception on error. + The file instance for the pipe. + Thrown on error. + + + + Create a new named pipe file + + The path to the pipe file + A root object to parse relative filenames + Desired access for the file + Share access for the file + Open options for file + Disposition when opening the file + Pipe completion mode + Default timeout + Input quota + Maximum number of instances (-1 for infinite) + Output quota + Type of pipe to create + Pipe read mode + The file instance for the pipe. + Thrown on error. + + + + Create an anonymous named pipe pair. + + True to throw on error. + The named pipe pair. + + + + Create an anonymous named pipe pair. + + The named pipe pair. + + + + Create a new named mailslot file + + The object attributes + Desired access for the file + Open options for file + Mailslot quota + Maximum message size (0 for any size) + Read Timeout. + True to throw on error. + The file instance for the mailslot. + Thrown on error. + + + + Create a new named mailslot file + + The object attributes + Desired access for the file + Open options for file + Mailslot quota + Maximum message size (0 for any size) + Read timeout in MS (<0 is infinite) + True to throw on error. + The file instance for the mailslot. + Thrown on error. + + + + Create a new named mailslot file + + The object attributes + Desired access for the file + Open options for file + Mailslot quota + Maximum message size (0 for any size) + Read timeout in MS ( <0 is infinite) + The file instance for the mailslot. + Thrown on error. + + + + Create a new named mailslot file + + The path to the mailslot file + A root object to parse relative filenames + Desired access for the file + Open options for file + Mailslot quota + Maximum message size (0 for any size) + Timeout in MS ( <0 is infinite) + The file instance for the mailslot. + Thrown on error. + + + + Open a file + + The object attributes + The desired access for the file handle + The file share access + File open options + True to throw an exception on error. + The NT status code and object result. + + + + Open a file + + The object attributesf + The desired access for the file handle + The file share access + File open options + The opened file + Thrown on error. + + + + Open a file + + The path to the file + The root directory if path is relative. + The desired access for the file handle + The file share access + File open options + True to throw an exception on error. + The opened file + Thrown on error. + + + + Open a file + + The path to the file + The root directory if path is relative. + The desired access for the file handle + The file share access + File open options + The opened file + Thrown on error. + + + + Open a file + + The path to the file + The root directory if path is relative. + The desired access for the file handle + The opened file + Thrown on error. + + + + Get the object ID of a file as a string + + The path to the file + The object ID as a string + Thrown on error. + + + + Open a file by its object ID + + A handle to the volume on which the file resides. + The object ID as a binary string + The desired access for the file + File share access + Open options. + True to throw on error + The opened file object + + + + Open a file by its object ID + + A handle to the volume on which the file resides. + The object ID as a binary string + The desired access for the file + File share access + Open options. + The opened file object + Thrown on error. + + + + Open a file by its ID + + A handle to the volume on which the file resides. + The file's ID. Can be a file reference number or an Object ID. + The desired access for the file + File share access + Open options. + True to throw on error + The opened file object + + + + Open a file by its ID + + A handle to the volume on which the file resides. + The file's ID. Can be a file reference number or an Object ID. + The desired access for the file + File share access + Open options. + The opened file object + + + + Open a file by its object ID + + A handle to the volume on which the file resides. + The file ID. + The desired access for the file + File share access + Open options. + True to throw on error + The opened file object + + + + Open a file by its file ID + + A handle to the volume on which the file resides. + The file ID. + The desired access for the file + File share access + Open options. + The opened file object + Thrown on error. + + + + Open a file by its file ID + + The path to the volume which contains the file. + The file ID. + The desired access for the file + File share access + Open options. + True to throw on error + The opened file object + + + + Open a file by its file ID + + The path to the volume which contains the file. + The file ID. + The desired access for the file + File share access + Open options. + The opened file object + + + + Delete a file + + The object attributes for the file. + True to throw an exception on error + The status result of the delete + + + + Delete a file + + The object attributes for the file. + + + + Delete a file + + The path to the file. + + + + Rename file. + + The file to rename. + The target NT path. + Thrown on error. + + + + Create a hardlink to another file. + + The file to hardlink to. + The desintation hardlink path. + Thrown on error. + + + + Create a mount point. + + The path to the mount point to create. + The substitute name to reparse to. + The print name to display (can be null). + + + + Create a symlink. + + The path to the mount point to create. + True to create a directory symlink, false for a file. + The substitute name to reparse to. + The print name to display. + Additional flags for the symlink. + + + + Get the reparse point buffer for the file. + + The path to the reparse point. + The reparse point buffer. + + + + Delete the reparse point buffer. + + The path to the reparse point. + The original reparse buffer. + + + + Query attributes of a file. + + The object attributes. + True to throw on error. + The file attributes. + + + + Query attributes of a file. + + The object attributes. + The file attributes. + + + + Query attributes of a file. + + The path to the file. + The root directory to parse from. + True to throw on error. + The file attributes. + + + + Query attributes of a file. + + The path to the file. + The root directory to parse from. + The file attributes. + + + + Query attributes of a file. + + The path to the file. + The file attributes. + + + + Send a Device IO Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + Cancellation token to cancel the async operation. + True to throw on error. + Thrown on error. + The length of output bytes returned. + + + + Send a Device IO Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + Cancellation token to cancel the async operation. + True to throw on error. + The output buffer returned by the kernel. + + + + Send a Device IO Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + Cancellation token to cancel the async operation. + Thrown on error. + The length of output bytes returned. + + + + Send a Device IO Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + Cancellation token to cancel the async operation. + The output buffer returned by the kernel. + + + + Send a File System Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + Cancellation token to cancel the async operation. + True to throw on error. + Thrown on error. + The length of output bytes returned. + + + + Send a File System Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + Cancellation token to cancel the async operation. + True to throw on error. + The output buffer returned by the kernel. + + + + Send a File System Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + Cancellation token to cancel the async operation. + Thrown on error. + The length of output bytes returned. + + + + Send a File System Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + Cancellation token to cancel the async operation. + The output buffer returned by the kernel. + + + + Send a Device IO Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + Thrown on error. + The length of output bytes returned. + + + + Send a Device IO Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + The output buffer returned by the kernel. + + + + Send a File System Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + Thrown on error. + The length of output bytes returned. + + + + Send a File System Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + The output buffer returned by the kernel. + + + + Send a Device IO Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + True to throw on error. + Thrown on error. + The length of output bytes returned. + + + + Send a Device IO Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + True to throw on error. + The output buffer returned by the kernel. + + + + Send a File System Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + True to throw on error. + Thrown on error. + The length of output bytes returned. + + + + Send a File System Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + True to throw on error. + The output buffer returned by the kernel. + + + + Send a Device IO Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + True to throw an exception on error. + Thrown on error. + The length of output bytes returned. + + + + Send a Device IO Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + Thrown on error. + The length of output bytes returned. + + + + Send a Device IO Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + True to throw an exception on error. + The output buffer returned by the kernel. + + + + Send a Device IO Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + The output buffer returned by the kernel. + + + + Send an File System Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + True to throw an exception on error. + The length of output bytes returned. + Thrown on error. + + + + Send a File System Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + True to throw an exception on error. + The output buffer returned by the kernel. + + + + Send an File System Control code to the file driver + + The control code + Input buffer can be null + Output buffer can be null + The length of output bytes returned. + Thrown on error. + + + + Send a File System Control code to the file driver. + + The control code + Input buffer can be null + Maximum output buffer size + The output buffer returned by the kernel. + + + + Re-open an existing file for different access. + + The desired access for the file handle + The file share access + File open options + Flags for the object attributes. + True to throw an exception on error. + The NT status code and object result. + Thrown on error. + + + + Re-open an existing file for different access. + + The desired access for the file handle + The file share access + File open options + True to throw an exception on error. + The NT status code and object result. + Thrown on error. + + + + Re-open an exsiting file for different access. + + The desired access for the file handle + The file share access + File open options + The opened file + Thrown on error. + + + + Specify file disposition. + + True to set delete on close, false to clear delete on close. + True to throw on error. + The NT status code. + Thrown on error. + You can't prevent deletion if file opened with DeleteOnClose flag. + + + + Specify file disposition. + + True to set delete on close, false to clear delete on close. + Thrown on error. + You can't prevent deletion if file opened with DeleteOnClose flag. + + + + Delete the file. Must have been opened with DELETE access. + + True to throw on error. + The NT status code. + Thrown on error. + + + + Delete the file. Must have been opened with DELETE access. + + Thrown on error. + + + + Set disposition on the file (extended Windows version). + + True to throw on error. + Flags for SetDispositionEx call. + The NT status code. + Thrown on error. + + + + Set disposition on the file (extended Windows version). + + Flags for SetDispositionEx call. + Thrown on error. + + + + Delete the file (extended Windows version). Must have been opened with DELETE access. + + True to throw on error. + Flags for DeleteEx call. + The NT status code. + Thrown on error. + + + + Delete the file (extended Windows version). Must have been opened with DELETE access. + + Flags for DeleteEx call. + Thrown on error. + + + + Create a new hardlink to this file. + + The target NT path. + The root directory if linkname is relative + Thrown on error. + + + + Create a new hardlink to this file. + + The target absolute NT path. + Thrown on error. + + + + Create a new hardlink to this file. + + The target NT path. + The root directory if linkname is relative + If TRUE, replaces the target file if it exists. If FALSE, fails if the target file already exists. + True to throw on error. + The NT status code. + Thrown on error. + + + + Create a new hardlink to this file. + + The target NT path. + The root directory if linkname is relative + If TRUE, replaces the target file if it exists. If FALSE, fails if the target file already exists. + Thrown on error. + + + + Create a new hardlink to this file. + + The target NT path. + The root directory if linkname is relative + The flags associated to FileLinkInformationEx. + True to throw on error. + The NT status code. + Thrown on error. + + + + Create a new hardlink to this file. + + The target NT path. + The root directory if linkname is relative + The flags associated to FileLinkInformationEx. + Thrown on error. + + + + Rename file. + + The target NT path. + The root directory if new_name is relative + If TRUE, replaces the target file if it exists. If FALSE, fails if the target file already exists. + True to throw on error. + The NT status code. + Thrown on error. + + + + Rename file. + + The target NT path. + The root directory if new_name is relative + If TRUE, replaces the target file if it exists. If FALSE, fails if the target file already exists. + Thrown on error. + + + + Rename file. + + The target NT path. + The root directory if new_name is relative + Thrown on error. + + + + Rename this file with an absolute path. + + The target absolute NT path. + If TRUE, replace the target file if it exists. If FALSE, fails if the target file already exists. + Thrown on error. + + + + Rename this file with an absolute path. + + The target absolute NT path. + Thrown on error. + + + + Rename (extended Windows version) this file with an absolute path. + + The target absolute NT path. + The root directory if new_name is relative + The flags associated to FileRenameInformationEx. + True to throw on error. + The NT status code. + Thrown on error. + + + + Rename (extended Windows version) this file with an absolute path. + + The target absolute NT path. + The root directory if new_name is relative + The flags associated to FileRenameInformationEx. + Thrown on error. + + + + Rename (extended Windows version) this file with an absolute path. + + The target absolute NT path. + The flags associated to FileRenameInformationEx. + Thrown on error. + + + + Set an arbitrary reparse point. + + The reparse point data. + + + + Set an arbitrary reparse point. + + The reparse point data. + True to throw on error. + The NT status code. + + + + Set an arbitrary reparse point as a raw byte array. + + The reparse point data as a byte array. + + + + Set an arbitrary reparse point as a raw byte array. + + The reparse point data as a byte array. + True to throw on error. + The NT status code. + + + + Set an arbitrary reparse point. + + The reparse point data. + Flags for the reparse buffer. + Existing tag to check against. If no check required use 0. + Existing Guid to check against. If no check requested use empty GUID. + True to throw on error. + The NT status code. + + + + Set an arbitrary reparse point. + + The reparse point data. + Flags for the reparse buffer. + Existing tag to check against. If no check required use 0. + Existing Guid to check against. If no check requested use empty GUID. + + + + Set an arbitrary reparse point. + + The reparse point data. + Existing tag to check against. If no check required use 0. + + + + Set an arbitrary reparse point. + + The reparse point data.> + + + + Set a mount point on the current file object. + + The substitute name to reparse to. + The print name to display (can be null). + + + + Set a symlink on the current file object. + + The substitute name to reparse to. + The print name to display. + Additional flags for the symlink. + + + + Set a mount point on the current file object. + + The substitute name to reparse to. + The print name to display (can be null). + True to throw on error. + The NT status code. + + + + Set a symlink on the current file object. + + The substitute name to reparse to. + The print name to display. + Additional flags for the symlink. + True to throw on error. + The NT status code. + + + + Get the reparse point buffer for the file. + + True to throw on error. + The reparse point buffer. + + + + Get the reparse point buffer for the file. + + The reparse point buffer. + + + + Get the reparse point buffer for the file as a raw buffer. + + True to throw on error. + The reparse point buffer. + + + + Get the reparse point buffer for the file as a raw buffer. + + The reparse point buffer. + + + + Delete the reparse point buffer + + The reparse tag. + The NT status code. + True to throw on error. + + + + Delete the reparse point buffer + + The reparse tag. + + + + Delete the reparse point buffer + + The original reparse buffer. + True to throw on error. + + + + Delete the reparse point buffer + + The original reparse buffer. + + + + Get list of accessible files underneath a directory. + + Share access for file open + Options for open call. + The desired access for each file. + A file name mask (such as *.txt). Can be null. + Indicate what entries to return. + The list of files which can be access. + + + + Get list of accessible files underneath a directory. + + Share access for file open + Options for open call. + The desired access for each file. + The list of files which can be access. + + + + Query a directory for files. + + The list of directory entries. + + + + Query a directory for files. + + A file name mask (such as *.txt). Can be null. + Indicate what entries to return. + Specify what additional data to include in the directory entries. + The list of directory entries. You might need to cast the directories to the appropriate types if using include flags. + + + + Query a directory for files. + + A file name mask (such as *.txt). Can be null. + Indicate what entries to return. + The list of directory entries. + + + + Query a directory for files with file ID. + + A file name mask (such as *.txt). Can be null. + Indicate what entries to return. + Return placeholder parent and current directory entries. + The list of directory entries. + + + + Read data from a file with a length and position. + + The buffer to read to. + The position in the file to read. The position is optional. + True to throw on error. + The length of bytes read into the buffer. + + + + Read data from a file with a length and position. + + The buffer to read to. + The position in the file to read. The position is optional. + The length of bytes read into the buffer. + + + + Read data from a file with a length and position. + + The length of the read + The position in the file to read. The position is optional. + True to throw on error. + The read bytes, this can be smaller than length. + + + + Read data from a file with a length and position. + + The length of the read + The position in the file to read + The read bytes, this can be smaller than length. + + + + Read data from a file with a length. + + The length of the read + The read bytes, this can be smaller than length. + + + + Read data from a file with a length over a scatter set of pages. + + List of pages to read into. These pages must be Page Size aligned. + The length of the read + The position in the file to read. + True to throw on error. + The length of bytes read. + + + + Read data from a file with a length over a scatter set of pages. + + List of pages to read into. These pages must be Page Size aligned. + The length of the read + The position in the file to read. + The length of bytes read. + + + + Read data from a file with a length and position asynchronously. + + The buffer to read to. + The position in the file to read. The position is optional. + Cancellation token to cancel async operation. + True to throw on error. + The length of bytes read into the buffer. + + + + Read data from a file with a length and position asynchronously. + + The buffer to read to. + The position in the file to read. The position is optional. + Cancellation token to cancel async operation. + The length of bytes read into the buffer. + + + + Read data from a file with a length and position asynchronously. + + The length of the read + The position in the file to read. The position is optional. + Cancellation token to cancel async operation. + True to throw on error. + The length of bytes read into the buffer. + + + + Read data from a file with a length and position asynchronously.. + + The length of the read + The position in the file to read + Cancellation token to cancel async operation. + The read bytes, this can be smaller than length. + + + + Read data from a file with a length and position asynchronously.. + + The length of the read + The position in the file to read + The read bytes, this can be smaller than length. + + + + Read data from a file with a length and position asynchronously. + + List of pages to read into. These pages must be Page Size aligned. + The length of the read + The position in the file to read. + Cancellation token to cancel async operation. + True to throw on error. + The length of bytes read into the buffer. + + + + Read data from a file with a length and position asynchronously. + + List of pages to read into. These pages must be Page Size aligned. + The length of the read + The position in the file to read. + True to throw on error. + The length of bytes read into the buffer. + + + + Read data from a file with a length and position asynchronously. + + List of pages to read into. These pages must be Page Size aligned. + The length of the read + The position in the file to read. + Cancellation token to cancel async operation. + The length of bytes read into the buffer. + + + + Read data from a file with a length and position asynchronously. + + List of pages to read into. These pages must be Page Size aligned. + The length of the read + The position in the file to read. + The length of bytes read into the buffer. + + + + Write data to a file at a specific position asynchronously. + + The data to write as a buffer. + The position to write to. + Cancellation token to cancel async operation. + True to throw on error. + The number of bytes written + + + + Write data to a file at a specific position asynchronously. + + The data to write as a buffer. + The position to write to. + Cancellation token to cancel async operation. + The number of bytes written + + + + Write data to a file at a specific position asynchronously. + + The data to write. + The position to write to. + Cancellation token to cancel async operation. + The number of bytes written + + + + Write data to a file at a specific position asynchronously. + + The data to write + The position to write to + The number of bytes written + + + + Write data to a file at a specific position asynchronously. + + The data to write. + The position to write to. + Cancellation token to cancel async operation. + True to throw on error. + The number of bytes written + + + + Write data to a file at a specific position. + + The data to write + The position to write to. Optional + True to throw on error. + The number of bytes written. + + + + Write data to a file at a specific position. + + The data to write + The position to write to. Optional + The number of bytes written. + + + + Write data to a file at a specific position. + + The data to write + The position to write to. Optional + True to throw on error. + The number of bytes written. + + + + Write data to a file at a specific position. + + The data to write + The position to write to + The number of bytes written + + + + Write data to a file + + The data to write + The number of bytes written + + + + Write data to a file at a specific position gathered from a list of pages. + + List of pages to write. These pages must be page size aligned. + The length of the write. + The position to write to. + True to throw on error. + The number of bytes written. + + + + Write data to a file at a specific position gathered from a list of pages. + + List of pages to write. These pages must be page size aligned. + The length of the write. + The position to write to. + The number of bytes written. + + + + Write data to a file at a specific position asynchronously from a list of pages. + + List of pages to write. These pages must be page size aligned. + The length of the write. + The position to write to. + Cancellation token to cancel async operation. + True to throw on error. + The number of bytes written + + + + Write data to a file at a specific position asynchronously from a list of pages. + + List of pages to write. These pages must be page size aligned. + The length of the write. + The position to write to. + True to throw on error. + The number of bytes written + + + + Write data to a file at a specific position asynchronously from a list of pages. + + List of pages to write. These pages must be page size aligned. + The length of the write. + The position to write to. + Cancellation token to cancel async operation. + The number of bytes written + + + + Write data to a file at a specific position asynchronously from a list of pages. + + List of pages to write. These pages must be page size aligned. + The length of the write. + The position to write to. + The number of bytes written + + + + Lock part of a file. + + The offset into the file to lock + The number of bytes to lock + True to fail immediately if the lock can't be taken + True to do an exclusive lock + True to throw on error. + The NT status code. + + + + Lock part of a file. + + The offset into the file to lock + The number of bytes to lock + True to fail immediately if the lock can't be taken + True to do an exclusive lock + + + + Shared lock part of a file. + + The offset into the file to lock + The number of bytes to lock + + + + Lock part of a file asynchronously. + + The offset into the file to lock + The number of bytes to lock + True to fail immediately if the lock can't be taken + True to do an exclusive lock + Cancellation token to cancel async operation. + True to throw on error. + The NT status code. + + + + Lock part of a file asynchronously. + + The offset into the file to lock + The number of bytes to lock + True to fail immediately if the lock can't be taken + True to do an exclusive lock + Cancellation token to cancel async operation. + + + + Lock part of a file asynchronously. + + The offset into the file to lock + The number of bytes to lock + True to fail immediately if the lock can't be taken + True to do an exclusive lock + + + + Shared lock part of a file asynchronously. + + The offset into the file to lock + The number of bytes to lock + + + + Unlock part of a file previously locked with Lock + + The offset into the file to unlock + The number of bytes to unlock + Thrown on error. + + + + Unlock part of a file previously locked with Lock + + The offset into the file to unlock + The number of bytes to unlock + True to throw on error. + The NT status code. + + + + Convert this NtFile to a FileStream for reading/writing. + + The stream must be closed separately from the NtFile. + The file stream. + Thrown on error. + + + + Get the Win32 path name for the file. + + The flags to determine what path information to get. + The path. + Throw on error. + + + + Get the Win32 path name for the file. + + The flags to determine what path information to get. + True to throw on error. + The path. + + + + Oplock the file with a specific level. + + The level of oplock to set. + True to throw on error. + The oplock response level. + + + + Oplock the file with a specific level. + + The level of oplock to set. + The oplock response level. + + + + Oplock the file with a specific level. + + The level of oplock to set. + Cancellation token to cancel async operation. + True to throw on error. + The oplock response level. + + + + Oplock the file with a specific level. + + The level of oplock to set. + True to throw on error. + The oplock response level. + + + + Oplock the file with a specific level. + + The level of oplock to set. + Cancellation token to cancel async operation. + The oplock response level. + + + + Oplock the file with a specific level. + + The level of oplock to set. + The oplock response level. + + + + Acknowledge an oplock break. + + The acknowledgment level. + True to throw on error. + The NT status code. + Oplock break acknowledgement returns STATUS_PENDING. + + + + Acknowledge an oplock break. + + The acknowledgment level. + + + + Oplock the file with a specific level. + + The oplock cache level. + Specify additional flags for the request. + True to throw on error. + The result of the oplock request. + + + + Oplock the file with a specific level. + + The oplock cache level. + True to throw on error. + The result of the oplock request. + + + + Oplock the file with a specific level and flags. + + The oplock level. + Cancellation token to cancel async operation. + Specify additional flags for the request. + True to throw on error. + The request of the oplock request. + + + + Oplock the file with a specific level and flags. + + The oplock level. + Cancellation token to cancel async operation. + True to throw on error. + The request of the oplock request. + + + + Oplock the file with a specific lease level and flags. + + The oplock lease level. + Specify additional flags for the request. + The result of the oplock request. + + + + Oplock the file with a specific lease level and flags. + + The oplock lease level. + The result of the oplock request. + + + + Oplock the file with a specific level and flags. + + The oplock level. + Specify additional flags for the request. + Cancellation token to cancel async operation. + The request of the oplock request. + + + + Oplock the file with a specific level and flags. + + The oplock level. + Cancellation token to cancel async operation. + The request of the oplock request. + + + + Oplock the file with a specific level and flags. + + The oplock level. + True to throw on error. + The request of the oplock request. + + + + Oplock the file with a specific level and flags. + + The oplock level. + The response of the oplock request. + + + + Oplock the file with a specific level and flags. + + The oplock level. + Specify additional flags for the request. + The response of the oplock request. + + + + Acknowledge a lease oplock started with RequestOplockLease. + + True to complete acknowledgement on close. + True to throw on error. + The NT status code. + This breaks to None. If you want to request the new oplock level then request a new oplock. + + + + Acknowledge a lease oplock started with RequestOplockLease. + + True to complete acknowledgement on close. + + + + Acknowledge a lease oplock started with RequestOplockLease. + + + + + Oplock the file exclusively (no other users can access the file). + + True to throw on error. + The oplock response level. + + + + Oplock the file exclusively (no other users can access the file). + + The oplock response level. + + + + Oplock the file exclusively (no other users can access the file). + + Cancellation token to cancel async operation. + The oplock response level. + + + + Oplock the file exclusively (no other users can access the file). + + The oplock response level. + + + + Wait for an oplock break to complete. + + True to throw on error. + The NT status code. + + + + Wait for an oplock break to complete. + + The NT status code. + + + + Wait for an oplock break to complete. + + True to throw on error. + The NT status code. + + + + Wait for an oplock break to complete. + + The NT status code. + + + + Dispose. + + True is disposing. + + + + Try and cancel any pending asynchronous IO. + + + + + Get the extended attributes of a file. + + True to throw on error. + The extended attributes, empty if no extended attributes. + + + + Get the extended attributes of a file. + + The extended attributes, empty if no extended attributes. + + + + Set the extended attributes for a file. + + The EA buffer to set. + True to throw on error. + This will add entries if they no longer exist, + remove entries if the data is empty or update existing entires. + + + + Set the extended attributes for a file. + + The EA buffer to set. + This will add entries if they no longer exist, + remove entries if the data is empty or update existing entires. + + + + Set the extended attributes for a file. + + The name of the entry + The associated data + The entry flags. + + + + Set the extended attributes for a file. + + The name of the entry + The associated data + The entry flags. + + + + Set the extended attributes for a file. + + The name of the entry + The associated data + The entry flags. + + + + Remove an extended attributes entry for a file. + + The name of the entry + + + + Assign completion port to file. + + The completion port. + A key to associate with this completion. + + + + Check if a specific set of file directory access rights is granted + + The file directory access rights to check + True if all access rights are granted + + + + Get the cached signing level for a file. + + The cached signing level. + + + + Get the cached signing level for a file. + + The cached signing level. + + + + Get the cached singing level from the raw EA buffer. + + The cached signing level data. + Throw on error. + + + + Set the cached signing level for a file. + + Flags to set for the cache. + The signing level to cache + + + + Set the cached signing level for a file. + + Flags to set for the cache. + The signing level to cache + Optional directory path to look for catalog files. + + + + Set the cached signing level for a file. + + Flags to set for the cache. + The signing level to cache + Files for signature. + Optional directory path to look for catalog files. + + + + Set the cached signing level for a file. + + Flags to set for the cache. + The signing level to cache + Files for signature. + Optional directory path to look for catalog files. + True to throw on error. + + + + Set the end of file. + + The offset to the end of file. + + + + Set the valid data length of the file without zeroing. Needs SeManageVolumePrivilege. + + The length to set. + + + + Get list of hard link entries for a file. + + The list of entries. + + + + Get a list of stream entries for the current file. + + The list of streams. + + + + Visit all accessible streams under this file. + + A function to be called on every accessible stream. Return true to continue enumeration. + Specify the desired access for the streams. + The share access to open the streams with. + Additional options to open the s with. + True if all accessible streams were visited, false if not. + + + + Get list of process ids using this file. + + The list of process ids. + + + + Visit all accessible files under this directory. + + A function to be called on every accessible file. Return true to continue enumeration. + Specify the desired access for the files. + True to recurse into sub keys. + The share access to open the files with. + Specify max recursive depth. -1 to not set a limit. + Additional options to open the files with. + A file name mask (such as *.txt). Can be null. + Indicate what entries to return. + True if all accessible files were visited, false if not. + + + + Visit all accessible files under this directory. + + A function to be called on every accessible file. Return true to continue enumeration. + Specify the desired access for the files. + True to recurse into sub keys. + The share access to open the files with. + Specify max recursive depth. -1 to not set a limit. + Additional options to open the files with. + True if all accessible files were visited, false if not. + + + + Visit all accessible files under this directory. + + A function to be called on every accessible file. Return true to continue enumeration. + + + + Visit all accessible files under this directory. + + A function to be called on every accessible file. Return true to continue enumeration. + Specify the desired access for the files. + The share access to open the files with. + + + + Query whether a file is trusted for dynamic code. + + Returns true if the file is trusted. + + + + Set a file is trusted for dynamic code. + + + + + Set a file is trusted for dynamic code. + + True to throw on error. + The NT status code. + + + + Find files in a directory by the owner SID. + + The owner SID. + A list of files in the directory. + For this method to work you need Quota enabled on the volume. + + + + Get full change notifications. Will pick ex version if available and revert to old format if not. + + The filter of events to watch for. + True to watch all sub directories. + True to throw on error. + Wait timeout. + The list of changes. + + + + Get full change notifications. Will pick ex version if available and revert to old format if not. + + The filter of events to watch for. + True to watch all sub directories. + Wait timeout. + The list of changes. + + + + Get full change notifications asynchronously. Will pick ex version if available and revert to old format if not. + + The filter of events to watch for. + True to watch all sub directories. + True to throw on error. + Cancellation token. + The list of changes. + + + + Get full change notifications asynchronously. Will pick ex version if available and revert to old format if not. + + The filter of events to watch for. + True to watch all sub directories. + Cancellation token. + The list of changes. + + + + Get full change notifications asynchronously. Will pick ex version if available and revert to old format if not. + + The filter of events to watch for. + True to watch all sub directories. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + True to throw on error. + Wait timeout. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + True to throw on error. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + Wait timeout. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + True to throw on error. + Cancellation token. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + True to throw on error. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + Cancellation token. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + The list of changes. + + + + Get extended change notifications. + + The filter of events to watch for. + True to watch all sub directories. + Timeout to wait. + True to throw on error. + The list of changes. + + + + Get extended change notifications. + + The filter of events to watch for. + True to watch all sub directories. + True to throw on error. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + Timeout to wait. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + True to throw on error. + Cancellation token. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + True to throw on error. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + Cancellation token. + The list of changes. + + + + Get change notifications. + + The filter of events to watch for. + True to watch all sub directories. + The list of changes. + + + + Get the file attributes. + + True to throw on error. + The file attributes. + + + + Set the file attributes. + + The file attributes to set. + True to throw on error. + The NT status code. + + + + Get the creation time. + + True to throw on error. + The creation time. + + + + Get the last write time. + + True to throw on error. + The last write time. + + + + Get the change time time. + + True to throw on error. + The change time. + + + + Get the last access time. + + True to throw on error. + The last access time time. + + + + Set the file's creation time. + + The time to set. + True to throw on error. + The NT status code. + + + + Set the file's last access time. + + The time to set. + True to throw on error. + The NT status code. + + + + Set the file's last write time. + + The time to set. + True to throw on error. + The NT status code. + + + + Set the file's change time. + + The time to set. + True to throw on error. + The NT status code. + + + + Set the file position. + + The file position to set. + True to throw on error. + The NT status code. + + + + Get file information. + + + + + + + Query all reparse points from a volume. + + The list of reparse points. + You'll need to open the reparse database, which is typically \$Extend\$Reparse:$R:$INDEX_ALLOCATION on the volume. + + + + Query all object ids from a volume. + + The list of object ids. + You need to open the object ID database, which is typically \$Extend\$ObjId:$O:$INDEX_ALLOCATION on the volume. + + + + Get the Object ID buffer for a file. + + True to throw on error. + The object ID buffer. + + + + Get the Object ID create for a file. + + The object ID buffer. + + + + Get the Object ID buffer for a file. + + True to throw on error. + The object ID buffer. + + + + Get or create the Object ID for a file. + + The object ID buffer. + + + + Set Object ID and extended information. + + The Object ID buffer. + Only set the extended information. + True to throw on error. + The NT status code. + + + + Set Object ID and extended information. + + The Object ID buffer. + Only set the extended information. + The NT status code. + + + + Set Object ID and extended information. + + The Object ID GUID. + Extended info buffer, needs to be 48 bytes in size. + The NT status code. + + + + Set only Object ID extended information. + > + Extended info buffer, needs to be 48 bytes in size. + The NT status code. + + + + Delete the Object ID for a file. + + True to throw on error. + The NT status code. + + + + Delete the Object ID for a file. + + + + + Make the file sparse. + + True to make the file sparse. + True to throw on error. + The NT status code. + + + + Query if the driver is in the device stack for the device. + + The driver path. Can be a plain name of full object manager path, e.g. \Device\Blah. + True to throw on error. + True indicating driver in path. + + + + Query if the driver is in the device stack for the device. + + The driver path. + True indicating driver in path. + + + + Get filesystem and volume information. + + + + + Query a fixed buffer for a volume. + + The type to query. + The volume information class. + The returned type. + + + + Query a fixed buffer for a volume. + + The type to query. + The volume information class. + True to throw on error. + The returned type. + + + + Query a buffer for a volume. + + The type to query. + The volume information class. + True to throw on error. + The returned type. + + + + Query a buffer for a volume. + + The volume information class. + Initialization buffer. + True to throw on error. + The returned type. + + + + Query a buffer for a volume. + + The volume information class. + Initialization buffer. + The returned type. + + + + Query a buffer for a volume. + + The type to query. + The volume information class. + The returned type. + + + + Query a buffer for a volume. + + The volume information class. + The buffer for the query. Can be initialized. + True to throw on error. + The NT status code. + + + + Query a buffer for a volume. + + The volume information class. + The buffer for the query. Can be initialized. + + + + Set a buffer on a volume. + + The volume information class. + The buffer for the set. + True to throw on error. + The NT status code. + + + + Set a buffer on a volume. + + The volume information class. + The buffer for the set. + + + + Set a fixed value on a volume. + + The volume information class. + The fixed value to set. + True to throw on error. + The NT status code. + + + + Set a fixed value on a volume. + + The volume information class. + The fixed value to set. + + + + Query the quota entries for a volume. + + Return quote entries for the specified SIDs. + The list of quota entries. + + + + Query all quota entries for a volume. + + The list of quota entries. + + + + Set quota entries. + + The quota entries to set. + True to throw on error. + The NT status code. + + + + Set quota entries. + + The quota entries to set. + + + + Set quota entry. + + The quota entry to set. + + + + Set quota entry. + + The SID for the quota. + The quota limit to set. + The quota threshold to set. + + + + Get the file's full path. + + True to throw on error. + The file name. + + + + Get the file's normalized path. + + True to throw on error. + The file name. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Get object ID for current file + + The object ID as a string + Thrown on error. + + + + Get object ID for current file as a number. + + The object ID as a number. + Thrown on error. + + + + Get or set the attributes of a file. + + The file attributes + Thrown on error. + + + + Get or set the creation time. + + + + + Get or set the last access time. + + + + + Get or set the last write time. + + + + + Get or set the change time. + + + + + Get file information, which is times, attributes and sizes. + + + + + Get or set the file as sparse. + + + + + Get whether this file represents a directory. + + + + + Get whether this file repsents a reparse point. + + + + + The result of opening the file, whether it was created, overwritten etc. + + + + + Get or set the current file position. + + + + + Get or sets the file's length + + + + + Get the file's allocation size. + + + + + Get the number of links. + + + + + Get whether delete is pending. + + + + + Get the Win32 path name for the file. + + The path, string.Empty on error. + + + + Get the low-level device type of the file. + + The file device type. + + + + Get the low-level device characteristics of the file. + + The file device characteristics. + + + + Get filesystem and volume information. + + + + + Get or set the file's compression format. + + + + + Gets whether the file is on a remote file system. + + + + + Get or set whether this file/directory is case sensitive. + + + + + Get or set whether this file/directory is case sensitive. + + + + + Get the file mode. + + + + + Get file access information. + + + + + Get the filename with the volume path. + + + + + Get the normalized filename with the volume path. + + + + + Get the associated short filename + + + + + Get the associated short filename + + + + + Get the normalized name. + + + + + Get or set the storage reserve ID. + + + + + Returns whether this object is a container. + + + + + Get or set the read only status of the file. + + + + + Is the file compressed. + + + + + Get remote protocol information. + + + + + Get the granted access as directory rights. + + + + + Get the file system control flags. + + + + + Get persist volume flags. + + + + + Return the status information field. (32 bit) + + + + + Class representing file information. + + + + + Time of creation. + + + + + Time of last access. + + + + + Time of last write. + + + + + Time of change. + + + + + Length of the file. + + + + + Length of the file, alias of EndOfFile. + + + + + Allocation size. + + + + + File attributes. + + + + + Has the file got a set of attributes set. + + The attributes to check. + True if it has the attributes. + + + + Is the file a directory. + + + + + Is the file a reparse point. + + + + + Class to represent a directory entry. + + + + + Index of the file. + + + + + File name. + + + + + Class to represent a directory entry with file IDs. + + + + + Length of any EA buffer. + + + + + The file reference number if known. + + + + + Class to represent a directory entry with short names. + + + + + Length of any EA buffer. + + + + + The short name of the file. + + + + + Class to represent a directory entry with short names and file ids. + + + + + Length of any EA buffer. + + + + + The short name of the file. + + + + + The file reference number if known. + + + + + Class to represent a file quota entry. + + + + + Class to represet a file object ID. + + + + + Full path to the file with the reparse point. + + + + + Win32 path to the file with the reparse point. + + + + + Reference number for the file. + + + + + The file's attributes. + + + + + The file's object ID. + + + + + The file's extended info. + + + + + File's birth volume ID. + + + + + File's birth object ID. + + + + + File's domain ID. + + + + + Class to represent a file reparse point. + + + + + Full path to the file with the reparse point. + + + + + Win32 path to the file with the reparse point. + + + + + Reference number for the file. + + + + + The file's attributes. + + + + + The reparse point buffer. + + + + + The reparse point tag. + + + + + Utility functions for files + + + + + Convert a DOS filename to an absolute NT filename + + The filename, can be relative + True to throw on error. + The NT filename + + + + Convert a DOS filename to an absolute NT filename + + The filename, can be relative + The NT filename + + + + Convert a DOS filename to an absolute NT filename + + List of paths to combine before converting. + The NT filename + + + + Convert a DOS filename to an NT filename and get as an ObjectAttributes structure + + The DOS filename. + The object attribute flags. + An optional security quality of service. + An optional security descriptor. + True to throw on error. + The object attributes + + + + Convert a DOS filename to an NT filename and get as an ObjectAttributes structure + + The DOS filename. + The object attribute flags. + An optional security quality of service. + An optional security descriptor. + The object attributes + + + + Convert a DOS filename to an NT filename and get as an ObjectAttributes structure + + The filename + The object attributes + + + + Convert a DOS filename to a UNICODE_STRING structure + + The DOS filename + The UNICODE_STRING + + + + Get type of DOS path + + The DOS filename + The type of DOS path + + + + Map directory access rights to file access rights. + + The directory access rights to map. + The mapped access rights. + + + + Convert a file ID long to a string. + + The file ID to convert + The string format of the file id. + + + + Convert a string to a file ID. + + The file ID as a string (must be 4 characters). + The file ID as a long. + + + + Get if a reparse tag is a Microsoft defined one. + + The reparse tag. + True if it's a Microsoft reparse tag. + + + + Get if a reparse tag is a name surrogate. + + The reparse tag. + True if it's a surrogate reparse tag. + + + + Get if a reparse tag is a directory which can have children. + + The reparse tag. + True if it's a directory reparse tag which can have children. + + + + Convert a directory access rights mask to a normal file access mask. + + The access to convert. + The converted access rights. + + + + Convert a file access rights mask to a directory file access mask. + + The access to convert. + The converted access rights. + + + + Enable or disable Wow64 FS redirection. + + True to enable FS redirection. + True to throw on error. + The old enable state. + + + + Enable or disable Wow64 FS redirection. + + True to enable FS redirection. + The old enable state. + + + + Split an allocated address into a list of pages. This can be used to pass to + ReadScatter or WriteGather file APIs. + + The base address to split. The address should be page aligned. + The length of bytes to split into pages. This will be rounded up to the next page boundary. + The list of pages. + + + + Split an allocated address into a list of pages. This can be used to pass to + ReadScatter or WriteGather file APIs. + + The allocated buffer to split. The address should be page aligned. + The buffer will be split up based on its length. Note that the length will be rounded up. + The list of pages. + + + + Attempt to convert an NT device filename to a DOS filename. + + The filename to convert. + The converted string. Returns a path prefixed with GLOBALROOT if it doesn't understand the format. + + + + Build a path for an open by ID file. + + The path to the volume. + The ID. + The bytes for the ID path. + + + + Build a path for a file ID volume. + + The path to the volume. + The file reference number. + The bytes for the file ID path. + + + + Build a path for an object ID volume. + + The path to the volume. + The file object ID. + The bytes for the file ID path. + + + + Generate a DOS filename from a full filename. + + The full filename. + True to allow extended characters. + Number of iterations of the algorithm to test. + True throw on error. + The DOS filename. + + + + Generate a DOS filename from a full filename. + + The full filename. + True to allow extended characters. + Number of iterations of the algorithm to test. + The DOS filename. + + + + Generate a DOS filename from a full filename. + + The full filename. + True to allow extended characters. + The DOS filename. + + + + Is the filename a legal 8dot3 name. + + The filename to check. + True if it's a legal 8dot3 name. + + + + Class representing a NT FilterConnectionPort object. Note this is just a dummy object for typing purposes. + + + + + A generic wrapper for any object, used if we don't know the type ahead of time. + + + + + Convert the generic object to the best typed object. + + The typed object. Can be NtGeneric if no better type is known. + + + + Convert the generic object to the best typed object. + + True to throw on error. + The typed object. Can be NtGeneric if no better type is known. + + + + Returns whether this object is a container. + + + + + Class to represent a system handle + + + + + The ID of the process holding the handle + + + + + Get the image path for the process which contains this handle. + + + + + Get name of the process which contains this handle. + + + + + The object type index + + + + + The object type name + + + + + The object type + + + + + The handle attribute flags. + + + + + The handle value + + + + + The address of the object. + + + + + The granted access mask + + + + + The granted access mask as a string. + + + + + The granted access mask as a string. + + + + + Whether the handle is inheritable. + + + + + Whether the handle is protected from close. + + + + + Whether the handle has write access. + + + + + Whether the handle has read access. + + + + + Whether the handle has execute access. + + + + + Whether the handle has full access. + + + + + The name of the object (needs to have set query access in constructor) + + + + + The security of the object (needs to have set query access in constructor) + + + + + Indicates if the handle was valid. + + This can cause the handle's values to be queried which can take time. + + + + Overridden ToString. + + The handle as a string. + + + + Get handle into the current process + + True to throw on error. + The handle to the object + + + + Get handle into the current process + + The handle to the object + + + + Close the handle in the original process. + + True throw on error. + The NT status code. + This is not recommended. + + + + Close the handle in the original process. + + This is not recommended. + + + + Class to call NT heap APIs. + + + + + Allocate a buffer from the heap. + + Heap flags. + Size of the allocation. + True to throw on error. + The allocated memory address. + + + + Allocate a buffer from the heap. + + Heap flags. + Size of the allocation. + The allocated memory address. + + + + Free a buffer from the heap. + + Heap flags. + Address of the allocation. + True to throw on error. + + + + Free a buffer from the heap. + + Heap flags. + Address of the allocation. + + + + Get the current process heap. + + + + + Class representing an NT IO Completion Port object + + + + + Create an IO Completion Port object + + The object attributes + The desired access for the event + Number of concurrent threads to process I/O packets. 0 for CPU count. + True to throw an exception on error. + The NT status code and object result. + Thrown on error. + + + + Create an IO Completion Port object + + The object attributes + The desired access for the event + Number of concurrent threads to process I/O packets. 0 for CPU count. + The IO Completion Port object. + Thrown on error. + + + + Create an IO Completion Port object + + The path to the IO Completion Port + The root object for relative path names + The desired access for the event + Number of concurrent threads to process I/O packets. 0 for CPU count. + The IO Completion Port object. + Thrown on error. + + + + Create an unnamed IO Completion Port object. + + The IO Completion Port object. + Thrown on error. + + + + Open an IO Completion Port object + + The object attributes + The desired access for the event + The IO Completion Port object. + Thrown on error. + + + + Open an IO Completion Port object + + The object attributes + The desired access for the event + True to throw an exception on error. + The NT status code and object result. + Thrown on error. + + + + Open an IO Completion Port object + + The path to the IO Completion Port + The root object for relative path names + The desired access for the event + The IO Completion Port object. + Thrown on error. + + + + Open an IO Completion Port object + + The path to the IO Completion Port + The IO Completion Port object. + Thrown on error. + + + + Remove a queued status from the queue. + + An optional timeout. + True to throw on error. + The completion result. + Thrown on error or timeout. + + + + Remove a queued status from the queue. + + An optional timeout. + The completion result. + Thrown on error or timeout. + + + + Remove multiple queued status from the queue. + + Maximum number of status to remove. + An optional timeout. + Indicate whether the wait is alertable. + True to throw on error. + Array of completion results. Length can be <= max_count. + + + + Remove multiple queued status from the queue. + + Maximum number of status to remove. + An optional timeout. + Indicate whether the wait is alertable. + Array of completion results. Length can be <= max_count. If timeout then returns an empty array. + + + + Remove multiple queued status from the queue. + + Maximum number of status to remove. + Array of completion results. Length can be <= max_count + + + + Remove a queued status from the queue. Wait for an infinite time for the result. + + The completion result. + + + + Add a queued status to the queue. + + The optional key context. + The optional APC context. + Status code + The information context. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Get current depth of IO Completion Port + + + + + Memory control method. + + + + + Buffered. + + + + + IN Direct. + + + + + OUT Direct. + + + + + Neither. + + + + + Access control flags. + + + + + Any access. + + + + + Read access. + + + + + Write access. + + + + + Represents a NT file IO control code. + + + + + Type of device + + + + + Function number + + + + + Buffering method + + + + + Access of file handle + + + + + Is the function number custom, i.e. has the top bit set. + + + + + Get a known name associated with this IO control code. + + + + + Constructor + + Type of device + Function number + Buffering method + Access of file handle + + + + Constructor + + Raw IO control code to convert. + + + + Static method to create an NtIoControlCode + + The conde as an integer. + The io control code. + + + + Convert the io control code to an Int32 + + The int32 version of the code + + + + Overriden hash code. + + The hash code. + + + + Overridden equals. + + The object to compare against. + True if equal. + + + + Overridden ToString method. + + The IO control code as a string. + + + + Format IO control code with an format specifier. + + The format specified. For example use X to format as a hexadecimal number. + The formatted string. + + + + Format the underlying IO control code with an format specifier. + + The format specified. For example use X to format as a hexadecimal number. + Format provider. + The formatted string. + + + + Class representing a NT Job object + + + + + Create a job object + + The object attributes + Desired access for job. + True to throw an exception on error. + The NT status code and object result. + + + + Create a job object + + The object attributes + Desired access for job. + The Job object. + + + + Create a job object + + The path to the job object (can be null) + The root object when path is relative + Desired access for job. + The Job object + + + + Create a job object + + The path to the job object (can be null) + The root object when path is relative + The Job object + + + + Create an unnamed job object + + The Job object + + + + Open a job object + + The object attributes + Desired access for job. + True to throw an exception on error. + The NT status code and object result. + + + + Open a job object + + The object attributes + Desired access for job. + The Job object + + + + Open a job object + + The path to the job object + The root object when path is relative + Desired access for the job object + The Job object + + + + Open a job object + + The path to the job object + The root object when path is relative + The Job object + + + + Create and initialize a Silo, + + Flags for root directory. + Desired access for the job. + Object attributes. + True to throw on error. + The Job object. + + + + Create and initialize a Silo, + + Flags for root directory. + Desired access for the job. + Object attributes. + The Job object. + + + + Create and initialize a Silo, + + Flags for root directory. + True to throw on error. + The Job object. + + + + Create an initialize a Silo, + + Flags for root directory. + The Job object. + + + + Create and initialize a Server Silo, + + Flags for root directory. + True to throw on error. + Path to the system root. + Event to signal when silo deleted. + True if a downlevel container. + Desired access for the job. + Object attributes. + The Job object. + + + + Create and initialize a Server Silo, + + Flags for root directory. + Path to the system root. + Event to signal when silo deleted. + True if a downlevel container. + Desired access for the job. + Object attributes. + The Job object. + + + + Create and initialize a Server Silo, + + Flags for root directory. + True to throw on error. + Path to the system root. + Event to signal when silo deleted. + True if a downlevel container. + The Job object. + + + + Create and initialize a Server Silo, + + Flags for root directory. + Path to the system root. + Event to signal when silo deleted. + True if a downlevel container. + The Job object. + + + + Convert Job object into a Silo + + True to throw on error. + The NT status code. + + + + Convert Job object into a Silo + + + + + Initialize a Silo, + + Flags for root directory. + True to throw on error. + The NT status code. + + + + Initialize a Silo, + + Flags for root directory. + + + + Initialize a Silo to a Server Silo. + + Event to signal when silo deleted. + True if a downlevel container. + True to throw on error. + The NT status code. + You must have set a system root and added a \Device directory (which shadows the real directory) to the silo object directory. + + + + Initialize a Silo to a Server Silo. + + Event to signal when silo deleted. + True if a downlevel container. + The NT status code. + + + + Create the silo's root object directory. + + The flags for the creation. + True to throw on error. + The NT status code. + + + + Create the silo's root object directory. + + The flags for the creation. + The NT status code. + + + + Assign a process to this job object. + + The process to assign. + + + + Assign a process to this job object. + + True to throw on error. + The process to assign. + The NT status code. + + + + Assign a process to this job object using current Job on Windows 1709+. + + + + + Assign a process to this job object using current Job on Windows 1709+. + + + + + Associate a completion port with the job. + + The completion port. + The key associated with the port. + + + + Terminate this job object. + + The termination status. + True to throw on error. + The NT status code. + + + + Terminate this job object. + + The termination status. + + + + Set the limit flags for the job. + + The limit flags. + True to throw on error. + The NT status code. + + + + Set the limit flags for the job. + + The limit flags. + + + + Set the Silo system root directory. + + The absolute path to the system root directory. + True to throw on error. + The system_root path must start with a capital drive letter and not end with a backslash. + The NT status code. + + + + Set the Silo system root directory. + + The absolute path to the system root directory. + The system_root path must start with a capital drive letter and not end with a backslash. + + + + Set the active process limit. + + The number of active processes in the job. + True to throw on error. + The NT status code. + + + + Set the active process limit. + + The number of active processes in the job. + + + + Set minimum and maximum working set size. + + The minimum working set size. + The maximum working set size. + True to throw on error. + The NT status code. + + + + Set minimum and maximum working set size. + + The minimum working set size. + The maximum working set size. + + + + Set the process memory limit. + + The memory limit for a process. + True to throw on error. + The NT status code. + + + + Set the process memory limit. + + The memory limit for a process. + The NT status code. + + + + Set the job memory limit. + + The memory limit for a job. + True to throw on error. + The NT status code. + + + + Set the job memory limit. + + The memory limit for a job. + The NT status code. + + + + Set the time limit for a process. + + The time limit for a process, in 100ns ticks. Set to 0 to clear the timeout. + True to throw on error. + The NT status code. + + + + Set the time limit for a process. + + The time limit for a process, in 100ns ticks. Set to 0 to clear the timeout. + + + + Set the time limit for a process. + + The time limit for a process. + True to throw on error. + The NT status code. + + + + Set the time limit for a process. + + The time limit for a process. + + + + Set the time limit for a job. + + The time limit for a job, in 100ns ticks. Set to 0 to clear timeout. + True to throw on error. + The NT status code. + + + + Set the time limit for a job. + + The time limit for a job, in 100ns ticks. Set to 0 to clear timeout. + + + + Set the time limit for a job. + + The time limit for a job. + True to throw on error. + The NT status code. + + + + Set the time limit for a job. + + The time limit for a job. + + + + Get list of process IDs in Job. + + True to throw on error. + The list of process IDs. + + + + Get list of process IDs in Job. + + The list of process IDs. + + + + Set UI Restriction Flags. + + The UI Restriction Flags. + True to throw on error. + The NT status code. + + + + Set UI Restriction Flags. + + The UI Restriction Flags. + The NT status code. + + + + Query Silo Root directory. + + True to throw on error. + The silo root directory. + + + + Get Silo basic information. + + True to throw on error. + The Silo Basic Information. + + + + Get Silo basic information. + + True to throw on error. + The Server Silo Basic Information. + + + + Get Silo user shared data. + + True to throw on error. + The Silo User Shared Data. + + + + Get whether this job object can be impersonated. + + True to throw on error. + True if the job object can be impersonated. + + + + Enable thread impersonation on this job object. + + True to throw on error. + The NT status code. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Get or set completion filter for job object. + + + + + The count of completions for the job. + + + + + Get or set the Maximum Bandwith NetRate limitation. + + + + + Get or set the DSCP Tag NetRate limitation. + + + + + Get or set the active process limit. + + + + + Get or set the active process limit. + + + + + Get or set the minimum working set size. + + + + + Get or set the maximum working set size. + + + + + Get or set the process time limit. + + + + + Get or set the process time limit. + + + + + Get or set the process memory limit. + + + + + Get or set the process memory limit. + + + + + Get used peak job memory used. + + + + + Get used peak job memory used. + + + + + Get or set the job limit flags. + + + + + Get or set the job UI Restriction flags. + + + + + Get or set whether job breakaway is allowed. + + + + + Get or set whether silenty job breakaway is allowed. + + + + + ID of container. + + + + + ID of container telemetry. + + + + + Job ID. + + + + + Get the Silo's Root Directory. + + + + + Get Silo basic information. + + + + + Get Silo basic information. + + + + + Get Silo user shared data. + + + + + Get or set the thread impersonation status. + + + + + Get whether this Job object is a silo. + + + + + Class to represent an NT Key object + + + + + Load a new hive + + The destination path + The path to the hive + Load flags + The opened root key + Thrown on error. + + + + Load a new hive + + Object attributes for the key name + Object attributes for the path to the hive file + Load flags + Desired access for the root key + The opened root key + Thrown on error. + + + + Load a new hive + + Object attributes for the key name + Object attributes for the path to the hive file + Load flags + Desired access for the root key + Key that this hive will be trusted for. + Event handle for key load. + True to throw an exception on error. + The NT status code and object result. + + + + Load a new hive and do not open the root key. + + Object attributes for the key name + Object attributes for the path to the hive file + Load flags + Key that this hive will be trusted for. + Event handle for key load. + True to throw an exception on error. + The NT status code. + + + + Load a new hive + + Object attributes for the key name + Object attributes for the path to the hive file + Load flags + Desired access for the root key + Key that this hive will be trusted for. + Event handle for key load. + The opened key. + + + + Load a new hive and do not open the root key. + + Object attributes for the key name + Object attributes for the path to the hive file + Load flags + Key that this hive will be trusted for. + Event handle for key load. + + + + Load a new hive + + Object attributes for the key name + Object attributes for the path to the hive file + Load flags + Desired access for the root key + True to throw an exception on error. + The NT status code and object result. + + + + Load a new hive + + Object attributes for the key name + Object attributes for the path to the hive file + Load flags + Desired access for the root key + Token to open the hive files under. + Key that this hive will be trusted for. + Event handle for key load. + True to throw an exception on error. + The NT status code and object result. + + + + Load a new hive and do not open the root key. + + Object attributes for the key name + Object attributes for the path to the hive file + Load flags + Token to open the hive files under. + Key that this hive will be trusted for. + Event handle for key load. + True to throw an exception on error. + The NT status code. + + + + Load a new hive + + Object attributes for the key name + Object attributes for the path to the hive file + Load flags + Desired access for the root key + Token to open the hive files under. + Key that this hive will be trusted for. + Event handle for key load. + The loaded key. + + + + Load a new hive and do not open the root key. + + Object attributes for the key name + Object attributes for the path to the hive file + Load flags + Token to open the hive files under. + Key that this hive will be trusted for. + Event handle for key load. + + + + Unload an existing hive. + + Object attributes for the key name + Unload flags + True to throw an exception on error. + The NT status code. + + + + Unload an existing hive. + + Path to key to unload. + Unload flags + Thrown on error. + + + + Unload an existing hive. + + Path to key to unload. + Thrown on error. + + + + Create a new Key + + Object attributes for the key name + Desired access for the root key + Create options + Optional transaction object. + True to throw an exception on error. + The NT status code and object result. + + + + Create a new Key + + Object attributes for the key name + Desired access for the root key + Create options + True to throw an exception on error. + The NT status code and object result. + + + + Create a new Key + + Object attributes for the key name + Desired access for the root key + Create options + The opened key + Thrown on error. + + + + Create a new Key + + Object attributes for the key name + Desired access for the root key + Create options + Optional transaction object. + The NT status code and object result. + + + + Create a new Key + + Path to the key to create + Root key if key_name is relative + Desired access for the root key + Create options + The opened key + Thrown on error. + + + + Try and open a Key + + Object attributes for the key name + Desired access for the root key + Open options. + Optional transaction object. + True to throw an exception on error. + The NT status code and object result. + + + + Try and open a Key + + Object attributes for the key name + Desired access for the root key + Open options. + True to throw an exception on error. + The NT status code and object result. + + + + Try and open a Key + + Path to the key to open + Root key if key_name is relative + Desired access for the root key + Open options. + Optional transaction object. + True to throw an exception on error. + The NT status code and object result. + + + + Try and open a Key + + Path to the key to open + Root key if key_name is relative + Desired access for the root key + Open options. + True to throw an exception on error. + The NT status code and object result. + + + + Open a Key + + Object attributes for the key name + Desired access for the root key + Open options. + The opened key + Thrown on error. + + + + Open a Key + + Object attributes for the key name + Desired access for the root key + Open options. + Optional transaction object. + The opened key + Thrown on error. + + + + Open a Key + + Path to the key to open + Root key if key_name is relative + Desired access for the root key + The opened key + Thrown on error. + + + + Query a license value. While technically not directly a registry key + it has many of the same properties such as using the same registry + value types. + + The name of the license value. + True to throw an exception on error + The license value key + + + + Query a license value. While technically not directly a registry key + it has many of the same properties such as using the same registry + value types. + + The name of the license value. + The license value key + + + + Create a registry key symbolic link + + Root key if path is relative + Path to the key to create + Target resistry path + The created symbolic link key + Thrown on error. + + + + Open the machine key + + The opened key with the maximum access allowed. + Thrown on error. + + + + Open the machine key + + The opened key with the maximum access allowed. + True to throw on error. + Thrown on error. + + + + Open the user key + + The opened key + Thrown on error. + + + + Open the user key + + The opened key with the maximum access allowed. + True to throw on error. + Thrown on error. + + + + Open a specific user key + + The SID of the user to open + The opened key + Thrown on error. + + + + Open the user key + + The SID of the user to open + True to throw on error. + The opened key with the maximum access allowed. + Thrown on error. + + + + Open the current user key + + The opened key + Thrown on error. + + + + Open the current user key + + True to throw on error. + The opened key with the maximum access allowed. + Thrown on error. + + + + Open the root key + + The opened key + Thrown on error. + + + + Open the root key + + The opened key with the maximum access allowed. + True to throw on error. + Thrown on error. + + + + Create a new Key + + Path to the key to create + The opened key + Thrown on error. + + + + Create a new Key + + Path to the key to create + Desired access for the root key + Create options + The opened key + Thrown on error. + + + + Delete the key + + True to throw on error. + + + + Delete the key + + + + + Set a resistry value + + The name of the value + The type of the value + The raw value data + True to throw on error. + Thrown on error. + The NT status code. + + + + Set a resistry value + + The name of the value + The type of the value + The raw value data + Thrown on error. + + + + Set a string resistry value + + The name of the value + The type of the value + The value data + True to throw on error. + Thrown on error. + The NT status code. + + + + Set a string resistry value as REG_SZ. + + The name of the value + The value data + True to throw on error. + Thrown on error. + The NT status code. + + + + Set a string resistry value + + The name of the value + The type of the value + The value data + Thrown on error. + + + + Set a string resistry value as REG_SZ. + + The name of the value + The value data + Thrown on error. + + + + Set a list of strings as a resistry value. + + The name of the value + The list of strings to set. + True to throw on error. + Thrown on error. + The NT status code. + + + + Set a list of strings as a resistry value. + + The name of the value + The list of strings to set. + Thrown on error. + + + + Set a DWORD resistry value + + The name of the value + The value data + True to throw on error. + Thrown on error. + The NT status code. + + + + Set a DWORD resistry value + + The name of the value + The value data + True to set the value of big endian. + True to throw on error. + Thrown on error. + The NT status code. + + + + Set a QWORD resistry value + + The name of the value + The value data + True to throw on error. + Thrown on error. + The NT status code. + + + + Set a DWORD resistry value + + The name of the value + The value data + Thrown on error. + + + + Set a DWORD resistry value + + The name of the value + The value data + True to set the value of big endian. + Thrown on error. + + + + Set a QWORD resistry value + + The name of the value + The value data + Thrown on error. + + + + Delete a registry value + + The name of the value + True to throw on error. + Thrown on error. + The NT status code. + + + + Delete a registry value + + The name of the value + Thrown on error. + + + + Query a value by name + + The name of the value + True to throw on error + The value information + + + + Query a value by name + + The name of the value + The value information + Thrown on error. + + + + Query all values for this key + + A list of values + Thrown on error. + + + + Query all subkey entries. + + The list of subkey entries + Thrown on error. + + + + Query all subkey names + + The list of subkey names + Thrown on error. + + + + Return a list of subkeys which can be accessed. + + The required access rights for the subkeys + True to open link keys rather than following the link. + True to open keys with backup flag set. + The disposable list of subkeys. + + + + Return a list of subkeys which can be accessed. + + The required access rights for the subkeys + The disposable list of subkeys. + Thrown on error. + + + + Set a symbolic link target for this key (must have been created with + appropriate create flags) + + The symbolic link target. + True to throw on error. + The NT status code. + Thrown on error. + + + + Set a symbolic link target for this key (must have been created with + appropriate create flags) + + The symbolic link target. + + + + Get the symbolic link target for this key. + + True to throw on error. + The symbolic link target. + Thrown on error. + + + + Get the symbolic link target for this key. + + The symbolic link target. + Thrown on error. + + + + Open a key + + The path to the key to open + The opened key + Thrown on error. + + + + Open a key + + The path to the key to open + Access rights for the key + The opened key + Thrown on error. + + + + Open a key + + The path to the key to open + Access rights for the key + True to throw on error. + The opened key + Thrown on error. + + + + Open a key + + The path to the key to open + Access rights for the key + Key open options. + True to throw on error. + The opened key + Thrown on error. + + + + Reopen the key with different access rights. + + The access rights to reopen with. + Open options. + True to throw on error. + The opened key. + + + + Reopen the key with different access rights. + + The access rights to reopen with. + The object attributes to open with. + Open options. + True to throw on error. + The opened key. + + + + Reopen the key with different access rights. + + The access rights to reopen with. + Open options. + The opened key. + + + + Convert object to a .NET RegistryKey object + + The registry key object + + + + Rename key. + + The new name for the key. + True to throw on error. + The NT status code. + Thrown on error. + + + + Rename key. + + The new name for the key. + Thrown on error. + + + + Save the opened key into a file. + + The file to save to. + Save key flags + True to throw on error. + The NT status code. + Thrown on error. + + + + Save the opened key into a file. + + The file to save to. + Save key flags + + + + Save the opened key into a file. + + The file path to save to. + Save key flags + True to throw on error. + The NT status code. + Thrown on error. + + + + Save the opened key into a file. + + The file path to save to. + Save key flags + + + + Save the opened key into a file. + + The file path to save to. + + + + Restore key from a file. + + The file to restore from + Restore key flags + True to throw on error. + The NT status code. + Thrown on error. + + + + Restore key from a file. + + The file to restore from + Restore key flags + + + + Restore key from a file. + + The file path to restore from + Restore key flags + True to throw on error. + The NT status code. + Thrown on error. + + + + Restore key from a file. + + The file path to restore from + Restore key flags + + + + Restore key from a file. + + The file path to restore from + + + + Try and lock the registry key to prevent further modification. + + Note that this almost certainly never works from usermode, there's an explicit + check to prevent it in the kernel. + + + + Wait for a change on the registry key. + + Specify what changes will be notified. + True to watch the entire tree. + The status from the change notification. + Thrown on error. + + + + Wait for a change on thie registry key asynchronously. + + Specify what changes will be notified. + True to watch the entire tree. + The status from the change notification. + Thrown on error. + + + + Visit all accessible keys under this one. + + A function to be called on every accessible key. Return true to continue enumeration. + Specify the desired access for the keys. + True to recurse into sub keys. + Specify max recursive depth. -1 to not set a limit. + Open the key using backup privileges. + + + + Visit all accessible directories under this one. + + A function to be called on every accessible directory. Return true to continue enumeration. + + + + Visit all accessible directories under this one. + + A function to be called on every accessible directory. Return true to continue enumeration. + True to recurse into sub directories. + + + + Visit all accessible directories under this one. + + A function to be called on every accessible directory. Return true to continue enumeration. + Specify the desired access for the directory + True to recurse into sub directories. + Open the key using backup privileges. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Get key last write time + + The last write time + Thrown on error. + + + + Get key subkey count + + The subkey count + Thrown on error. + + + + Get key value count + + The key value count + Thrown on error. + + + + Get the key title index + + The key title index + Thrown on error. + + + + Get the key class name + + The key class name + Thrown on error. + + + + Get the maximum key value name length + + The maximum key value name length + Thrown on error. + + + + Get the maximum key value data length + + The maximum key value data length + Thrown on error. + + + + Get the maximum subkey name length + + The maximum subkey name length + Thrown on error. + + + + Get the maximum class name length + + The maximum class name length + Thrown on error. + + + + Get the key path as a Win32 style one. If not possible returns + the original path. + + + + + The disposition when the key was created. + + + + + Indicates the handle is a special pre-defined one by the kernel. + + + + + Get or set virtualization flags. + + + + + Get or set key control flags. + + + + + Get or set wow64 flags. + + + + + Get key flags. + + + + + Indicates if this key is from a trusted hive. + + + + + Indicates if this key is a symbolic link. + + + + + Indicates if this key is volatile. + + + + + Get the name from NtQueryKey. + + + + + Returns whether this object is a container. + + + + + A key entry. + + + + + The name of the key. + + + + + The last write time. + + + + + The key's title index. + + + + + Class to represent a loaded hive from the Hive List. + + + + + Path to the root key. + + + + + Path to the hive file. + + + + + Utilities for registry keys. + + + + + Convert a Win32 style keyname such as HKEY_LOCAL_MACHINE\Path into a native key path. + + The win32 style keyname to convert. + The converted keyname. + Thrown if invalid name. + + + + Attempt to convert an NT style registry key name to Win32 form. + If it's not possible to convert the function will return the + original form. + + The NT path to convert. + The converted path, or original if it can't be converted. + + + + Query list of loaded hives from the Registry. + + Convert the file path to a DOS path. + The list of loaded hives. + + + + Query list of loaded hives from the Registry. + + The list of loaded hives. + + + + Class representing a single Key value + + + + + Name of the value + + + + + Type of the value + + + + + Raw data for the value + + + + + Title index for the value + + + + + Get the value as an object. + + + + + Convert the value to a string + + The value as a string + + + + Convert value to an object + + The value as an object + + + + LDR static methods. + + + + + Get address of a procedure in a mapped image. + + The handle to the mapped image. + The name of the procedure to find. + True to throw on error. + The procedure address. + + + + Get address of a procedure in a mapped image. + + The handle to the mapped image. + The name of the procedure to find. + The procedure address. + + + + Class to access NT locale information + + + + + Get mapped NLS section + + The type of section + The codepage number + True to throw on error. + The mapped section if it exists. + + + + Get mapped NLS section + + The type of section + The codepage number + The mapped section if it exists. + + + + Get default locale ID + + True if the locale should be the thread's, otherwise the systems + True to throw on error. + The locale ID + + + + Get default locale ID + + True if the locale should be the thread's, otherwise the systems + The locale ID + + + + Set default locale + + True if the locale should be the thread's, otherwise the systems + True to throw on error. + The locale ID + The NT status code. + + + + Set default locale + + True if the locale should be the thread's, otherwise the systems + The locale ID + + + + Class representing a NT File Mailslot client object + + + + + Set the mailslot read timeout. + + The timeout to set. + True to throw on error. + The NT Status code. + + + + Peek on the current status of the Mailslot. + + True to throw on error. + The peek status. + + + + Peek on the current status of the Mailslot. + + The peek status. + + + + Get or set the Read Timeout. + + + + + Get maximum message size. + + + + + Get mailslot quota. + + + + + Get next message size. + + + + + Get messages available. + + + + + Class representing a mapped section + + + + + The process which the section is mapped into + + + + + The valid length of the mapped section from the current position. + + This doesn't take into account the possibility of fragmented commits. + + + + Get full path for mapped section. + + + + + Query the memory protection setting for this mapping. + + + + + Get image signing level. + + + + + Get the base address of the mapped section. + + + + + Release the internal handle + + + + + + Checks if this mapped view represents the same file. + + The address to check. + True to throw on error. + True if the mapped view represents the same file. + + + + Checks if this mapped view represents the same file. + + The address to check. + True if the mapped view represents the same file. + + + + Detaches the current buffer and allocates a new one. + + Specify a new length for the detached buffer. Must be <= Length. + The detached buffer. + The original buffer will become invalid after this call. + + + + Class representing a NT Mutant object + + + + + Create a new mutant + + The path to the mutant + The root object if path is relative + True to set current thread as initial owner + The opened mutant + Thrown on error + + + + Create a new mutant + + Object attributes + True to set current thread as initial owner + Desired access for mutant + The opened mutant + Thrown on error + + + + Create a new mutant + + Object attributes + True to set current thread as initial owner + Desired access for mutant + True to throw an exception on error. + The NT status code and object result. + + + + Open a mutant + + The path to the mutant + The root object if path is relative + Desired access for mutant + The opened mutant + Thrown on error + + + + Open a mutant + + The path to the mutant + The root object if path is relative + The opened mutant + Thrown on error + + + + Open a mutant + + Object attributes + Desired access for mutant + The opened mutant + Thrown on error + + + + Open a mutant + + Object attributes + Desired access for mutant + True to throw an exception on error. + The NT status code and object result. + + + + Release the mutant + + True to throw on error. + The previous release count + + + + Release the mutant + + The previous release count + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Get the owner of the mutant. + + + + + Get current count. + + + + + Get wether mutant owned by current thread. + + + + + Get whether mutant is abandoned. + + + + + Pipe attribute type. + + + + + The pipe attributes. + + + + + The pipe connect attributes. + + + + + The pipe handle attributes. + + + + + Class to add additional methods to a file for a named pipe. This is a base class for server and client types. + + + + + Get a named attribute from the pipe. + + The attribute type to query. + The name of the attribute. + True to throw on error. + The attribute value as a byte array. + Thrown on error. + + + + Set a named attribute for a pipe. + + The attribute type to set. + The name of the attribute. + The value to set. + True to throw on error. + The status code for the attribute. + Thrown on error. + + + + Set a named attribute for a pipe. + + The attribute type to set. + The name of the attribute. + The value to set. + Thrown on error. + + + + Set a named attribute for a pipe. + + The attribute type to set. + The name of the attribute. + The value to set. + True to throw on error. + The status code for the attribute. + Thrown on error. + + + + Set a named attribute for a pipe. + + The attribute type to set. + The name of the attribute. + The value to set. + Thrown on error. + + + + Set a named attribute for a pipe. + + The attribute type to set. + The name of the attribute. + The value to set. + True to throw on error. + The status code for the attribute. + Thrown on error. + + + + Set a named attribute for a pipe. + + The attribute type to set. + The name of the attribute. + The value to set. + Thrown on error. + + + + Get a named attribute from the pipe. + + The attribute type to query. + The name of the attribute. + The attribute value as a byte array. + Thrown on error. + + + + Get a named attribute from the pipe as an integer. + + The attribute type to query. + The name of the attribute. + True to throw on error. + The attribute value as an integer. + Thrown on error. + + + + Get a named attribute from the pipe as an integer. + + The attribute type to query. + The name of the attribute. + The attribute value as an integer. + Thrown on error. + + + + Get a named attribute from the pipe as an integer. + + The attribute type to query. + The name of the attribute. + True to throw on error. + The attribute value as an integer. + Thrown on error. + + + + Get a named attribute from the pipe as an integer. + + The attribute type to query. + The name of the attribute. + The attribute value as an integer. + Thrown on error. + + + + Send and receive a message in one call. + + The input buffer to send. + The maximum output size. + True to throw on error. + The received buffer. + + + + Send and receive a message in one call. + + The input buffer to send. + The maximum output size. + The received buffer. + + + + Send and receive a message in one call. + + The input buffer to send. + The maximum output size. + True to throw on error. + The received buffer. + + + + Send and receive a message in one call. + + The input buffer to send. + The maximum output size. + The received buffer. + + + + Set pipe information flags. + + The read mode to set. + The completion mode. + True to throw on error. + The NT status code. + + + + Set pipe information flags. + + The read mode to set. + The completion mode. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Pipe completion mode. + + + + + Pipe read mode. + + + + + Pipe type. + + + + + Pipe configuration. + + + + + Maximum instances of the pipe, -1 is unlimited. + + + + + Current pipe instances. + + + + + Inbound quota. + + + + + Available bytes to read. + + + + + Outbound quota. + + + + + Available outbound quota. + + + + + Connect state of the named pipe. + + + + + Type of pipe endpoint. + + + + + Class to add additional methods to a file for a named pipe server. + + + + + Listen for a new connection to this named pipe server. + + + + + Listen for a new connection to this named pipe server asynchronously. + + An optional cancellation token. + The async task to complete. + + + + Listen for a new connection to this named pipe server asynchronously. + + The async task to complete. + + + + Disconnect this named pipe server. + + + + + Disconnect this named pipe server asynchronously. + + An optional cancellation token. + The async task to complete. + + + + Disconnect this named pipe server asynchronously. + + The async task to complete. + + + + Impersonate the client of the named pipe. + + The impersonation context. Dispose to revert to self. + + + + Get client process ID. + + + + + Get client session ID. If this is 0 then the client is local, otherwise it's set by the SMB server. + + + + + Get client computer name. + + + + + Get the default named pipe ACL for the current caller. + + The default named pipe ACL. + + + + Class to add additional methods to a file for a named pipe client. + + + + + Disables impersonation on a named pipe. + + + + + Get server process ID. + + + + + Get client session ID. + + + + + A pair of named pipes. + + + + + Read pipe for the pair. + + + + + Write pipe for the pair. + + + + + Base class for all NtObject types we handle + + + + + Get the basic information for the object. + + The basic information + + + + Base constructor + + Handle to the object + + + + Duplicate the internal handle to a new handle. + + Attribute flags for new handle + The source handle to duplicate + The source process to duplicate from + The desination process for the handle + Duplicate handle options + The access rights for the new handle + True to throw an exception on error. + The NT status code and object result. + + + + Duplicate the internal handle to a new handle. + + The source handle to duplicate + The desination process for the handle + Duplicate handle options + The access rights for the new handle + The duplicated handle. + + + + Duplicate a handle from the current process to a new handle with the same access rights. + + The source handle to duplicate + The desination process for the handle + The duplicated handle. + + + + Duplicate a handle from and to the current process to a new handle with the same access rights. + + The source handle to duplicate + The duplicated handle. + + + + Duplicate a handle from and to the current process to a new handle with the same access rights. + + The source handle to duplicate + True to throw on error. + The duplicated handle. + + + + Duplicate a handle from and to the current process to a new handle with new access rights. + + The source handle to duplicate + The access for the new handle. + The duplicated handle. + + + + Indicates whether a specific type of kernel object can be opened. + + The kernel typename to check. + True if this type of object can be opened. + + + + Open an NT object with a specified type. + + The type to open. If null the method will try and lookup the appropriate type. + Object attributes for object. + Generic access rights to the object. + True to throw on error. + The opened object. + Thrown if an error occurred opening the object. + + + + Open an NT object with a specified type. + + The name of the type to open (e.g. Event). If null the method will try and lookup the appropriate type. + The path to the object to open. + A root directory to open from. + Generic access rights to the object. + Attributes to open the object. + Security quality of service. + True to throw on error. + The opened object. + Thrown if an error occurred opening the object. + + + + Open an NT object with a specified type. + + The name of the type to open (e.g. Event). If null the method will try and lookup the appropriate type. + The path to the object to open. + A root directory to open from. + Generic access rights to the object. + Attributes to open the object. + Security quality of service. + The opened object. + Thrown if an error occurred opening the object. + + + + Open an NT object with a specified type. + + The name of the type to open (e.g. Event). If null the method will try and lookup the appropriate type. + The path to the object to open. + A root directory to open from. + Generic access rights to the object. + The opened object. + Thrown if an error occurred opening the object. + Thrown if type of resource couldn't be found. + + + + Close a handle in another process. + + The source handle to close. + The source process containing the handle to close. + True to throw an exception on error. + The NT status code. + + + + Close a handle in another process. + + The source handle to close. + The source process containing the handle to close. + + + + Close a handle in another process by PID. + + The source handle to close. + The source process ID containing the handle to close. + True to throw an exception on error. + The NT status code. + + + + Close a handle in another process by PID. + + The source handle to close. + The source process ID containing the handle to close. + + + + Close a handle. + + The handle to close. + The NT status code. + + + + Close a handle. + + The handle to close. + The NT status code. + + + + Duplicate a handle to a new handle, potentially in a different process. + + Attribute flags for new handle + The source handle to duplicate + The source process to duplicate from + The desination process for the handle + Duplicate handle options + The access rights for the new handle + True to throw an exception on error. + The NT status code and object result. + + + + Duplicate a handle to a new handle, potentially in a different process. + + Attribute flags for new handle + The source handle to duplicate + The source process to duplicate from + The desination process for the handle + Duplicate handle options + The access rights for the new handle + The NT status code and object result. + + + + Duplicate object. + + Access rights to duplicate with. + Attribute flags. + Duplicate options + True to throw an exception on error. + The duplicated object. + + + + Duplicate object. + + Access rights to duplicate with. + Attribute flags. + Duplicate options + The duplicated object. + + + + Duplicate object with specific access rights. + + Access rights to duplicate with. + The duplicated object. + + + + Duplicate object with same access rights. + + The duplicated object. + + + + Duplicate the object handle as a WaitHandle. + + The wait handle. + + + + Check if access is granted to a set of rights + + The access rights to check + True if all the access rights are granted + + + + Get security descriptor as a byte array + + What parts of the security descriptor to retrieve + The security descriptor + + + + Get security descriptor as a byte array + + What parts of the security descriptor to retrieve + True to throw on error. + The NT status result and security descriptor. + + + + Get security descriptor as a byte array + + Returns an array of bytes for the security descriptor + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + True to throw on error. + The NT status result. + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + True to throw on error. + The NT status code. + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + The security descriptor + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + True to throw on error. + The security descriptor + + + + Get the security descriptor as an SDDL string + + The security descriptor as an SDDL string + + + + Make the object a temporary object + + True to throw on error. + The NT status code. + + + + Make the object a temporary object + + + + + Make the object a permanent object + + True to throw on error. + The NT status code. + + + + Make the object a permanent object + + + + + Wait on the object to become signaled + + True to make the wait alertable + The time out + The success status of the wait, such as STATUS_SUCCESS or STATUS_TIMEOUT + Thrown on error + + + + Wait on the object to become signaled + + The time out + The success status of the wait, such as STATUS_SUCCESS or STATUS_TIMEOUT + Thrown on error + + + + Wait on the object to become signaled + + True to make the wait alertable + The time out in seconds + The success status of the wait, such as STATUS_SUCCESS or STATUS_TIMEOUT + Thrown on error + + + + Wait on the object to become signaled + + The time out in seconds + The success status of the wait, such as STATUS_SUCCESS or STATUS_TIMEOUT + Thrown on error + + + + Wait on the object to become signaled for an infinite time. + + The success status of the wait, such as STATUS_SUCCESS or STATUS_TIMEOUT + Thrown on error + + + + Wait on the object to become signaled. + + Timeout in seconds. + Cancellation token for wait. + A task to wait on. If result is true then event was signaled. + + + + Wait on the object to become signaled. + + Timeout in seconds. + A task to wait on. If result is true then event was signaled. + + + + Wait on the object to become signaled. + Will wait an infinite time. + + A task to wait on. + + + + Convert an enumerable access rights to a string + + True to try and convert to generic rights where possible. + The string format of the access rights + + + + Convert an enumerable access rights to a string + + The string format of the access rights + + + + Check if this object is exactly the same as another using NtCompareObject. + + The object to compare against. + True if this is the same object. + Thrown on error. + This is only supported on Windows 10 and above. For one which works on everything use SameObject. + + + + Check if this object is exactly the same as another. + + The object to compare against. + True if this is the same object. + Thrown on error. + This function can be slow to run and unreliable. Use CompareObject is Windows 10 or above. + + + + Convert to a string + + The string form of the object + + + + Get full path to the object + + + + + Get the granted access as an unsigned integer + + + + + Get the security descriptor, with Dacl, Owner, Group and Label + + + + + Get the security descriptor as an SDDL string + + The security descriptor as an SDDL string + + + + The low-level handle to the object. + + + + + Get the NT type name for this object. + + The NT type name. + + + + Get the NtType for this object. + + The NtType for the type name + + + + Get the name of the object + + + + + Indicates if the handle can be used for synchronization. + + + + + Get object creation time. + + + + + Get the attribute flags for the object. + + + + + Get number of handles for this object. + + + + + Get reference count for this object. + + + + + Get or set whether the handle is inheritable. + + + + + Get or set whether the handle is protected from closing. + + + + + Get the object's address is kernel memory. + + As getting the address is expensive you need to pass the object to NtSystemInfo::ResolveObjectAddress to intialize. + + + + Returns whether this object is a container. + + + + + Returns whether this object is closed. + + + + + Virtual Dispose method. + + True if disposing, false if finalizing + + + + Finalizer + + + + + Dispose + + + + + Close handle + + + + + Generic access rights. + + + + + Options for duplicating objects. + + + + + Close the original handle. + + + + + Duplicate with the same access. + + + + + Duplicate with the same handle attributes. + + + + + Prevent duplicating handle above the existing access. + + + + + Information class for NtQueryObject + + + + + + Structure to return Object Name + + + + + Structure to return Object basic information + + + + + Type of kernel pool used for object allocation + + + + + Native structure used for getting type information. + + + + + Static utility methods. + + + + + Convert the safe handle to an array of bytes. + + The data contained in the allocaiton. + + + + Convert an NtStatus to an exception if the status is an error + + The NtStatus + The original NtStatus if not an error + Thrown if status is an error. + + + + Convert an NtStatus to an exception if the status is an error and throw_on_error is true. + + The NtStatus + True to throw an exception onerror. + The original NtStatus if not thrown + Thrown if status is an error and throw_on_error is true. + + + + Checks if the NtStatus value is a success + + The NtStatus value + True if a success + + + + Checks if the NtStatus value is an error. + + The NtStatus value + True if an error. + + + + Get the severity of the NTSTATUS. + + The NtStatus value + The severity. + + + + Get the facility of the NTSTATUS. + + The NtStatus value + The facility. + + + + Get the status code of the NTSTATUS. + + The NtStatus value. + The static code. + + + + Is an NTSTATUS a customer code. + + The NtStatus value + True if is a customer code. + + + + Is an NTSTATUS reserved. + + The NtStatus value + True if reserved. + + + + Build a status from it's component parts. + + The severity of the status code. + Is this a customer code? + Is this a reserved code? + The facility. + The status code. + + + + + Convert an NTSTATUS to a message description. + + The status to convert. + The message description, or an empty string if not found. + + + + Convert an integer to an NtStatus code. + + The integer status. + The converted code. + + + + Convert an enumerable access rights to a string + + The granted access mask. + Generic mapping for object type. + Enum type to convert to string. + True to try and convert to generic rights where possible. + The string format of the access rights + + + + Convert an IEnumerable to a Disposable List. + + + + + + + + Run a function on an NtResult and dispose the result afterwards. + + The underlying result type. + The result of the function. + The result. + The function to call. + The default value to return if an error occurred. + The result of func. + If result is not a success then the function is not called. + + + + Run a function on an NtResult and dispose the result afterwards. + + The underlying result type. + The result of the function. + The result. + The function to call. + The result of func. + If result is not a success then the function is not called. + + + + Run an action on an NtResult and dispose the result afterwards. + + The underlying result type. + The result. + The action to call. + If result is not a success then the action is not called. + + + + Run a function on an NtResult and dispose the result afterwards. + + The underlying result type. + The result of the function. + The result. + The function to call. + The result of func. + + + + Run an action on an NtResult and dispose the result afterwards. + + The underlying result type. + The result. + The action to call. + + + + Convert a handle to a known object type. + + The handle. + The object type. + + + + Convert a handle to a known object type. + + The handle. + True to own the handle. + The object type. + + + + Convert a handle to a known object type. + + The handle. + True to own the handle. + The object type. + + + + Map a DOS error to an NT status code. + + The DOS error. + The NT status code. + + + + Map a status to a DOS error code. Takes into account NTWIN32 + status codes. + + The status code. + The mapped DOS error. + + + + Get the last NT status code in this thread set for Win32 last error. + + The last NT status code. + + + + Create an NT result object. If status is successful then call function otherwise use default value. + + The result type. + The associated status code. + Throw an exception on error. + Function to call to create an instance of the result + The created result. + + + + Create a successful NT result object. + + The result type. + The result value. + The created result. + + + + Create an NT result object. If status is successful then call function otherwise use default value. + + The result type. + The associated status code. + Throw an exception on error. + Function to call to create an instance of the result + Function to call on error. + The created result. + + + + Create an NT result object. If status is successful then call function otherwise use default value. + + The result type. + The associated status code. + Throw an exception on error. + Function to call to create an instance of the result + The created result. + + + + A derived class to add some useful functions such as Duplicate + + The derived type to use as return values + An enum which represents the access mask values for the type + + + + Reopen object with different access rights. + + The desired access. + Additional attributes for open. + True to throw on error. + The reopened object. + + + + Reopen object with different access rights. + + The desired access. + True to throw on error. + The reopened object. + + + + Reopen object with different access rights. + + The desired access. + The reopened object. + + + + Duplicate object. + + Access rights to duplicate with. + Attribute flags. + Duplicate options + True to throw an exception on error. + The duplicated object. + + + + Duplicate object. + + Access rights to duplicate with. + Attribute flags. + Duplicate options + True to throw an exception on error. + The duplicated object. + + + + Duplicate object. + + Access rights to duplicate with. + Attribute flags. + Duplicate options + The duplicated object. + + + + Duplicate the object with specific access rights + + The access rights for the new handle + The duplicated object + + + + Duplicate the object with specific access rights + + The access rights for the new handle + True to throw an exception on error. + The duplicated object + + + + Duplicate the object with same access rights + + The duplicated object + + + + Duplicate the object with same access rights + + True to throw on error. + The duplicated object + + + + Get granted access for handle. + + Granted access + + + + Get generic granted access for handle. + + Generic Granted access + + + + Get the maximum permission access for this object based on a token + and it's security descriptor. + + The token to check against. + Returns 0 if can't read the security descriptor. + + + + Get the maximum permission access for this object based on the current token + and its security descriptor. + + Returns 0 if can't read the security descriptor. + + + + Check if a specific set of access rights is granted + + The access rights to check + True if all access rights are granted + + + + Create a new instance from a kernel handle + + The kernel handle + The new typed instance + + + + Create a new instance from a kernel handle + + The kernel handle + True to own the handle. + The new typed instance + + + + Create a new instance from a kernel handle. + + The kernel handle + The call doesn't own the handle. The returned object can't be used to close the handle. + The new typed instance + + + + Duplicate an instance from a process + + The process (with DupHandle access) + The handle value to duplicate + The access rights to duplicate with + The options for duplication. + The attribute flags for the new object. + True to throw an exception on error. + The NT status code and object result. + + + + Duplicate an instance from a process + + The process (with DupHandle access) + The handle value to duplicate + The access rights to duplicate with + The options for duplication. + The attribute flags for the new object. + The NT status code and object result. + + + + Duplicate an instance from a process + + The process (with DupHandle access) + The handle value to duplicate + The access rights to duplicate with + The options for duplication. + True to throw an exception on error. + The NT status code and object result. + + + + Duplicate an instance from a process + + The process ID + The handle value to duplicate + The access rights to duplicate with + The options for duplication. + True to throw an exception on error. + The NT status code and object result. + + + + Duplicate an instance from a process with a specified access rights. + + The process (with DupHandle access) + The handle value to duplicate + The access rights to duplicate. + The duplicated handle + + + + Duplicate an instance from a process + + The process ID + The handle value to duplicate + The access rights to duplicate with + The duplicated handle + + + + Duplicate an instance from a process with same access rights. + + The process (with DupHandle access) + The handle value to duplicate + The duplicated object. + + + + Duplicate an instance from a process with same access rights + + The process ID + The handle value to duplicate + The duplicated handle + + + + Duplicate an instance from current process to an other process + + The destination process (with DupHandle access) + The access rights to duplicate with + The options for duplication. + True to throw an exception on error. + The NT status code and object result. + + + + Duplicate an instance from current process to an other process + + The destination process (with DupHandle access) + The handle value to duplicate + The access rights to duplicate with + The options for duplication. + True to throw an exception on error. + The NT status code and object result. + + + + Duplicate an instance from current process to an other process + + The destination process ID + The handle value to duplicate + The access rights to duplicate with + The options for duplication. + True to throw an exception on error. + The NT status code and object result. + + + + Duplicate an instance from current process to an other process with a specified access rights. + + The destination process (with DupHandle access) + The handle value to duplicate + The access rights to duplicate. + The duplicated handle + + + + Duplicate an instance from current process to an other process + + The destination process ID + The handle value to duplicate + The access rights to duplicate with + The duplicated handle + + + + Duplicate an instance from current process to an other process with same access rights. + + The destination process (with DupHandle access) + The handle value to duplicate + The duplicated object. + + + + Duplicate an instance from current process to an other process with same access rights. + + The destination process (with DupHandle access) + The duplicated object. + + + + Duplicate an instance from current process to an other process with same access rights + + The destination process ID + The handle value to duplicate + The duplicated handle + + + + Duplicate an instance from current process to an other process with same access rights + + The destination process ID + The duplicated handle + + + + Duplicate an instance from a process to an other process + + The source process (with DupHandle access) + The handle value to duplicate + The destination process (with DupHandle access) + The access rights to duplicate with + The options for duplication. + True to throw an exception on error. + The NT status code and object result. + + + + Duplicate an instance from a process to an other process + + The source process ID + The handle value to duplicate + The destination process ID + The access rights to duplicate with + The options for duplication. + True to throw an exception on error. + The NT status code and object result. + + + + Duplicate an instance from a process to an other process with a specified access rights. + + The source process (with DupHandle access) + The handle value to duplicate + The destination process (with DupHandle access) + The access rights to duplicate. + The duplicated handle + + + + Duplicate an instance from a process to an other process + + The source process ID + The handle value to duplicate + The destination process ID + The access rights to duplicate with + The duplicated handle + + + + Duplicate an instance from a process to an other process with same access rights. + + The source process (with DupHandle access) + The handle value to duplicate + The destination process (with DupHandle access) + The duplicated object. + + + + Duplicate an instance from a process to an other process with same access rights + + The source process ID + The handle value to duplicate + The destination process ID + The duplicated handle + + + + Interface to generically query an object. + + + + + Interface to generically set an object. + + + + + A derived class to add some useful functions such as Duplicate as well as generic Query and Set information methods. + + The derived type to use as return values + An enum which represents the access mask values for the type + An enum which represents the information class for query. + An enum which represents the information class for set. + + + + Query a fixed structure from the object. + + The type of structure to return. + The information class to query. + A default value for the query. + True to throw on error. + The result of the query. + Thrown on error. + + + + Query a fixed structure from the object. + + The type of structure to return. + The information class to query. + A default value for the query. + The result of the query. + Thrown on error. + + + + Query a fixed structure from the object. + + The type of structure to return. + The information class to query. + The result of the query. + Thrown on error. + + + + Query an enumerated value from the object. + + The type of enum to return. + The base type for the enumeration. + The information class to query. + The result of the query. + Thrown on error. + + + + Query an enumerated value from the object. + + The type of enum to return. + The information class to query. + The result of the query. + Thrown on error. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Query the information class as an object. + + The information class. + The information class as an object. + If the information class doesn't have an explicit object type a raw byte query will be made. + + + + Query a variable buffer from the object. + + The type of structure to return. + The information class to query. + A default value for the query. + True to throw on error. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object. + + The information class to query. + A buffer to initialize the initial query. Can be null. + True to throw on error. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object. + + The information class to query. + A buffer to initialize the initial query. Can be null. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object. + + The information class to query. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object and return as bytes. + + The information class to query. + A buffer to initialize the initial query. Can be null. + True to throw on error. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object and return as bytes. + + The information class to query. + A buffer to initialize the initial query. Can be null. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object and return as bytes. + + The information class to query. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object. + + The type of structure to return. + The information class to query. + A default value for the query. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object. + + The type of structure to return. + The information class to query. + The result of the query. + Thrown on error. + + + + Set a value to the object. + + The type of structure to set. + The information class to set. + The value to set. If you specify a SafeBuffer then it'll be passed directly. + True to throw on error. + The NT status code of the set. + Thrown on error. + + + + Set a value to the object. + + The type of structure to set. + The information class to set. + The value to set. + The NT status code of the set. + Thrown on error. + + + + Set a value to the object from a buffer. + + The information class to set. + The value to set. + True to throw on error. + The NT status code of the set. + Thrown on error. + + + + Set a value to the object from a buffer.. + + The information class to set. + The value to set. + The NT status code of the set. + Thrown on error. + + + + Set a raw value to the object. + + The information class to set. + The raw value to set. + True to throw on error. + The NT status code of the set. + Thrown on error. + + + + Set a raw value to the object. + + The information class to set. + The raw value to set. + The NT status code of the set. + Thrown on error. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Overriddable method to determine the maximum brute force length for query. + + Information class to key on if needs to return different sizes. + The maximum bytes to brute force. Returning 0 will disable brute force. + + + + Overridable method to determine if the return length shouldn't be trusted for this info class when querying a variable buffer. + + Information class to key on. + True to trust the return length when querying a variable buffer. + + + + Class representing a NT Partition object + + + + + Create a partition object + + The object attributes + Optional parent parition. + Desired access for the partition. + The preferred node, -1 for any node. + True to throw an exception on error. + The NT status code and object result. + + + + Create a partition object + + The object attributes + Optional parent parition. + Desired access for the partition. + The preferred node, -1 for any node. + The NT status code and object result. + + + + Open a partition object + + The object attributes + Desired access for the partition. + True to throw an exception on error. + The NT status code and object result. + + + + Open a partition object + + The object attributes + Desired access for the partition. + The NT status code and object result. + + + + Class representing a NT Process object. + + + + + Gets all accessible processes on the system. + + The access desired for each process. + The list of accessible processes. + + + + Gets all accessible processes on the system. + + The access desired for each process. + True to get processes from system information rather than NtGetNextProcess + The list of accessible processes. + + + + Gets all accessible processes on the system in a particular session. + + The session ID. + The access desired for each process. + The list of accessible processes. + + + + Gets all accessible processes on the system in the current session session. + + The access desired for each process. + The list of accessible processes. + + + + Get first accessible process (used in combination with GetNextProcess) + + The access required for the process. + The accessible process, or null if one couldn't be opened. + + + + Open a process + + The process ID to open + Optional thread ID to verify the correct process is opened. + The desired access for the handle + True to throw an exception on error. + The NT status code and object result. + + + + Open a process + + The process ID to open + The desired access for the handle + True to throw an exception on error. + The NT status code and object result. + + + + Open a process + + The process ID to open + The desired access for the handle + The opened process + + + + Open a process + + The process ID to open + Optional thread ID to verify the correct process is opened. + The desired access for the handle + The opened process. + + + + Create a new process + + Optional object attributes. + Desired access for the new process. + The parent process + Creation flags + Handle to the executable image section + Debug port for the new process. + Access token for the new process. + True to throw on error. + The created process + + + + Create a new process + + Desired access for the new process. + Optional object attributes. + The parent process + Creation flags + Handle to the executable image section + Debug port for the new process. + Access token for the new process. + The created process + + + + Create a new process + + The parent process + Creation flags + Handle to the executable image section + Access token for the new process. + The created process + + + + Create a new process + + The parent process + Creation flags + Handle to the executable image section + The created process + + + + Create a new process + + Handle to the executable image section + Access token for the new process. + The created process + + + + Create a new process + + Handle to the executable image section + The created process + + + + Create a new process + + Optional object attributes. + Desired access for the new process. + The parent process + Creation flags + Handle to the executable image section + Debug port for the new process. + Access token for the new process. + True to throw on error. + The created process + This uses NtCreateProcessEx rather than NtCreateUserProcess + + + + Create a new process + + Desired access for the new process. + Optional object attributes. + The parent process + Creation flags + Handle to the executable image section + Debug port for the new process. + Access token for the new process. + The created process + + + + Create a new user process. + + The process configuration. + True to throw on error. + The result of the process creation + + + + Create a new user process. + + The process configuration. + The result of the process creation + + + + Fork a process. + + The process configuration. + True to throw on error. + The new forked process result + This uses NtCreateUserProcess. + + + + Fork a process. + + The process configuration. + The new forked process result + This uses NtCreateUserProcess. + + + + Open an actual handle to the current process rather than the pseudo one used for Current + + The process object + + + + Test whether a process can access another protected process. + + The current process. + The target process. + True if the process can be accessed. + + + + Reopen object with different access rights. + + The desired access. + Additional attributes for open. + True to throw on error. + The reopened object. + + + + Get next accessible process (used in combination with GetFirstProcess) + + The access required for the process. + The accessible process, or null if one couldn't be opened. + + + + Get previous accessible process (used in combination with GetFirstProcess) + + The access required for the process. + The accessible process, or null if one couldn't be opened. + + + + Get previous accessible process (used in combination with GetFirstProcess) + + The accessible process, or null if one couldn't be opened. + + + + Get first accessible thread for process. + + The desired access for the thread. + The first thread object, or null if not accessible threads. + + + + Get first accessible thread for process. + + The first thread object, or null if not accessible threads. + + + + Get accessible threads for a process. + + The desired access for the threads + The list of threads + + + + Get accessible threads for a process. + + The list of threads + + + + Read a partial PEB from the process. + + The read PEB structure. + + + + Create a new process + + Creation flags + Handle to the executable image section + The created process + This uses NtCreateProcessEx rather than NtCreateUserProcess + + + + Create a new process + + Optional object attributes. + Desired access for the new process. + Creation flags + Handle to the executable image section + Debug port for the new process. + Access token for the new process. + True to throw on error. + The created process + This uses NtCreateProcessEx rather than NtCreateUserProcess + + + + Create a new process + + Optional object attributes. + Desired access for the new process. + Creation flags + Handle to the executable image section + Debug port for the new process. + Access token for the new process. + The created process + This uses NtCreateProcessEx rather than NtCreateUserProcess + + + + Terminate the process + + The exit code for the termination + + + + Terminate the process + + The exit code for the termination + + + + Terminate the process + + The exit code for the termination + True to throw on error. + The NT status code. + + + + Get process image file path + + True to return the native image path, false for a Win32 style path + True to throw on error. + The process image file path + + + + Get process image file path + + True to return the native image path, false for a Win32 style path + The process image file path + + + + Get a mitigation policy raw value + + The policy to get + True to throw on error. + The raw policy value + + + + Get a mitigation policy raw value + + The policy to get + The raw policy value + + + + Get a mitigation policy as an enumeration. + + The policy to get. + True to throw on error. + The mitigation policy value + + + + Get a mitigation policy as an enumeration. + + The policy to get. + The mitigation policy value + + + + Get a mitigation policy raw value + + The policy to get + True to throw on error. + The raw policy value + + + + Get a mitigation policy raw value + + The policy to get + The raw policy value + + + + Set a mitigation policy raw value + + The policy to set + The value to set + True to throw on error. + The NT status code. + + + + Set a mitigation policy raw value + + The policy to set + The value to set + + + + Set a mitigation policy value from an enum. + + The policy to set + The value to set + True to throw on error. + The NT status code. + + + + Set a mitigation policy value from an enum. + + The policy to set + The value to set + + + + Set a mitigation policy raw value + + The policy to set + The value to set + True to throw on error. + The NT status code. + + + + Set a mitigation policy raw value + + The policy to set + The value to set + + + + Disable dynamic code policy on another process. + + + + + Suspend the entire process. + + True to throw on error. + The NT status code. + + + + Resume the entire process. + + True to throw on error. + The NT status code. + + + + Suspend the entire process. + + + + + Resume the entire process. + + + + + Open the process' token + + The process token. + + + + Open the process' token + + True to throw on error. + The process token. + + + + Open the process' token + + Desired access for token. + True to throw on error. + The process token. + + + + Set process access token. Process must be have not been started. + + The token to set. + True to throw on error. + The NT status code. + + + + Set process access token. Process must be have not been started. + + The token to set. + + + + Read memory from a process. + + The base address in the process. + The length to read. + If true ensure we read all bytes, otherwise throw on exception. + The array of bytes read from the location. + If a read is short then returns fewer bytes than requested. + Thrown on error. + + + + Read memory from a process. + + The base address in the process. + The length to read. + The array of bytes read from the location. + If a read is short then returns fewer bytes than requested. + Thrown on error. + + + + Write memory to a process. + + The base address in the process. + The data to write. + The number of bytes written to the location + Thrown on error. + + + + Read structured memory from a process. + + The base address in the process. + The read structure. + Thrown on error. + Type of structure to read. + + + + Write structured memory to a process. + + The base address in the process. + The data to write. + Thrown on error. + Type of structure to write. + + + + Read structured memory array from a process. + + The base address in the process. + The number of elements in the array to read. + The read structure. + Thrown on error. + Type of structure to read. + + + + Write structured memory array to a process. + + The base address in the process. + The data array to write. + Thrown on error. + Type of structure to write. + + + + Query memory information for a process. + + The base address. + The queries memory information. + Thrown on error. + + + + Query all memory information regions in process memory. + + The list of memory regions. + Specify memory types to filter on. + Set of flags which indicate the memory states to return. + Thrown on error. + + + + Query all memory information regions in process memory. + + The list of memory regions. + True to include free regions of memory. + Specify memory types to filter on. + Thrown on error. + + + + Query all memory information regions in process memory. + + The list of memory regions. + True to include free regions of memory. + Thrown on error. + + + + Query all memory information regions in process memory excluding free regions. + + The list of memory regions. + Thrown on error. + + + + Query a list of mapped images in a process. + + The list of mapped images + Thrown on error. + + + + Query a list of mapped files in a process. + + The list of mapped images + Thrown on error. + + + + Query a list of all mapped files and images in a process. + + The list of mapped images + Thrown on error. + + + + Allocate virtual memory in a process. + + Optional base address, if 0 will automatically select a base. + The region size to allocate. + The type of allocation. + The allocation protection. + True to throw on error. + The address of the allocated region. + Thrown on error. + + + + Allocate virtual memory in a process. + + Optional base address, if 0 will automatically select a base. + The region size to allocate. + The type of allocation. + The allocation protection. + The address of the allocated region. + Thrown on error. + + + + Allocate read/write virtual memory in a process. + + The region size to allocate. + The address of the allocated region. + Thrown on error. + + + + Free virtual emmory in a process. + + Base address of region to free + The size of the region. + The type to free. + Thrown on error. + + + + Free virtual emmory in a process. + + Base address of region to free + The size of the region. + The type to free. + True to throw on error. + Thrown on error. + + + + Change protection on a region of memory. + + The base address + The size of the memory region. + The new protection type. + The old protection for the region. + Thrown on error. + + + + Change protection on a region of memory. + + The base address + The size of the memory region. + The new protection type. + True to throw on error. + The old protection for the region. + Thrown on error. + + + + Flush instruction cache. + + The address to flush. + The number of bytes to flush/ + True to throw on error. + The NT status code. + + + + Flush instruction cache. + + The address to flush. + The number of bytes to flush/ + + + + Query working set information for an address in a process. + + The base address to query. + True to throw on error + The working set information. + Thrown on error. + + + + Query working set information for an address in a process. + + The base address to query. + The working set information. + Thrown on error. + + + + Set the process device map. + + The device map directory to set. + Note that due to a bug in the Wow64 layer this won't work in a 32 bit process on a 64 bit system. + + + + Set the process device map. + + The device map directory to set. + True to throw on error. + Note that due to a bug in the Wow64 layer this won't work in a 32 bit process on a 64 bit system. + + + + Set the process device map. + + The device map directory to set. + Note that due to a bug in the Wow64 layer this won't work in a 32 bit process on a 64 bit system. + + + + Set the process device map. + + The device map directory to set. + True to throw on error. + Note that due to a bug in the Wow64 layer this won't work in a 32 bit process on a 64 bit system. + + + + Open a process' debug object. + + True to throw on error. + The process' debug object. + + + + Open a process' debug object. + + The process' debug object. + + + + Queries whether process is backed by a specific file. + + File object opened with Synchronize and Execute access to test against. + True if the process is created from the image file. + + + + Open parent process by ID. + + The desired process access rights. + True to throw on error. + The opened process. + Thrown on error. + + + + Open parent process by ID. + + The desired process access rights. + The opened process. + Thrown on error. + + + + Open parent process by ID. + + The opened process. + Thrown on error. + + + + Open owner process by ID. + + The desired process access rights. + True to throw on error. + The opened process. + Thrown on error. + + + + Open owner process by ID. + + The desired process access rights. + The opened process. + Thrown on error. + + + + Open owner process by ID. + + The opened process. + Thrown on error. + + + + Get if process is in a job. + + A specific job to check + True if in specific job. + + + + Get if process is in a job. + + True if in a job. + + + + Get process handle table. + + The list of process handles. + + + + Get handles for process. + + Specify to all name/details to be queried from the handle. + Force file query for name/details for non-filesystem handles. + True to throw on error. + The list of handles. + This queries the handles from the process which does not contain the Object's addres in kernel memory. + + + + Get handles for process. + + Specify to all name/details to be queried from the handle. + True to throw on error. + The list of handles. + This queries the handles from the process which does not contain the Object's addres in kernel memory. + + + + Get handles for process. + + Specify to all name/details to be queried from the handle. + The list of handles. + This queries the handles from the process which does not contain the Object's addres in kernel memory. + + + + Get handles for process. + + The list of handles. + This queries the handles from the process which does not contain the Object's addres in kernel memory. + + + + Get the process handle table and try and get them as objects. + + True to only return named objects + A list of typenames to filter on (if empty then return all) + The list of handles as objects. + This function will drop handles it can't duplicate. + + + + Get the process handle table and try and get them as objects. + + The list of handles as objects. + This function will drop handles it can't duplicate. + + + + Open image section for process. + + True to throw on error. + The opened image section. + Should only work on the pseudo process handle. + + + + Open image section for process. + + The opened image section. + Should only work on the pseudo process handle. + + + + Unmap a section. + + The base address to unmap. + Flags for unmapping memory. + True to throw on error. + The NT status code. + + + + Unmap a section. + + The base address to unmap. + True to throw on error. + The NT status code. + + + + Unmap a section. + + The base address to unmap. + Flags for unmapping memory. + + + + Unmap a section. + + The base address to unmap. + + + + Get the user SID for the process. + + True to throw on error. + The user SID. + + + + Get the user SID for the process. + + The user SID. + + + + Get the integrity level for the process. + + True to throw on error. + The integerity level. + + + + Set process fault flags. + + The flags to set. + True to throw on error. + The NT status code for the operation. + + + + Set process fault flags. + + The flags to set. + The NT status code for the operation. + + + + Set the process exception port. + + The exception port to set. + Additional state flags. + True to throw on error. + The NT status code. + + + + Set the process exception port. + + The exception port to set. + True to throw on error. + The NT status code. + + + + Set the process exception port. + + The exception port to set. + The NT status code. + + + + Get the user process parameters. + + The user process parameters. + + + + Fork the process. + + Extra flags for fork. + True to throw on error. + The new forked process result. + This uses NtCreateProcessEx. + + + + Fork the process. + + Extra flags for fork. + The new forked process result. + This uses NtCreateProcessEx. + + + + Fork the process. + + The new forked process result. + This uses NtCreateProcessEx. + + + + Get the accessible job objects this process is in. + + This tries to find accessible Job handles. There's no guarantee that all Job objects will be found for the process. + The list of job objects. + + + + Set thread intelligence logging flags. + + The flags to set. + True to throw on error. + The NT status code. + + + + Set thread intelligence logging flags. + + The flags to set. + + + + Get the process security domain. + + True to throw on error. + The security domain. + + + + Get the process security domain. + + The security domain. + + + + Combine two process' security domains. + + The process to combine with. Needs QueryLimitedInformation. + True to throw on error. + The NT status code. + The current process need SetLimitedInformation access. + + + + Combine two process' security domains. + + The process to combine with. Needs QueryLimitedInformation. + The current process need SetLimitedInformation access. + + + + Get the session ID for the process. + + True to throw on error. + The session ID. + + + + Test whether the current process can access another protected process. + + The target process. + True if the process can be accessed. + + + + Get the environment from the process. + + List of environment variables. + + + + Get an environment variable by name. + + The name of the variable. + The value of the environment variable. Returns null if it doesn't exist. + Only returns the first variable with a case insensitive name. + + + + Revoke file handles for an AppContainer process. + + The device path for the files to revoke. + True to throw on error. + The NT status code. + + + + Revoke file handles for an AppContainer process. + + The device path for the files to revoke. + + + + Get the process command line. + + True to throw on error. + The process command line. + + + + Get the IO counters for the process. + + True to throw on error. + The IO counters. + + + + Create a VBS enclave. + + Size of the enclave. + Flags for the enclave. + Owner ID. Must be 32 bytes. + True to throw on error. + The created enclave. + + + + Create a VBS enclave. + + Size of the enclave. + Flags for the enclave. + Owner ID. Must be 32 bytes. + The created enclave. + + + + Get priority boost disable value. + + True to throw on error. + True if priority base + + + + Set priority boost disable value. + + True to disable priority boost. + True to throw on error. + The NT status code. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Get the process' session ID + + + + + Get the process' ID + + + + + Get the process' parent process ID + + + + + Get the memory address of the PEB + + + + + Get the memory address of the PEB for a 32 bit process. + + If the process is 64 bit, or the OS is 32 bit this returns the same value as PebAddress. + + + + Get the base address of the process from the PEB. + + + + + Read flags from PEB. + + + + + Get the process' exit status. + + + + + Get the process' exit status as an NtStatus code. + + + + + Get the process' command line + + + + + Get the command line as parsed arguments. + + + + + Get process DEP status + + + + + Get whether process has a debug port. + + + + + + Get handle count. + + + + + Get break on termination flag. + + + + + Get or set debug flags. + + + + + Get or set execute flags. + + + + + Get IO priority. + + + + + Get secure cookie. + + + + + Get the process user. + + + + + Get the integrity level of the process. + + + + + Get process mitigations + + + + + Get extended process flags. + + + + + Get process window title (from Process Parameters). + + + + + Get process window flags (from Process Parameters). + + + + + Get the process subsystem type. + + + + + Get if the process is Wow64 + + + + + Get whether the process is 64bit. + + + + + Get whether LUID device maps are enabled. + + + + + Return whether this process is sandboxed. + + + + + Get or set the hard error mode. + + + + + Does the process has a child process restriction? + + + + + Gets whether the process is currently deleting. + + + + + Gets whether the process is secure. + + + + + Gets whether the process is protected. + + + + + Gets whether the process is a subsystem process. + + + + + Gets whether the process is frozen. + + + + + Get process protection information. + + + + + Query process section image information. + + + + + Get full image path name in native format + + + + + Get the Win32 image path. + + + + + Get owner process ID + + + + + Query the process token's full package name. + + + + + Get or set whether resource virtualization is enabled. + + + + + Get the security domain of the process. + + + + + Get the creation time of the process. + + + + + Get the exit time of the process. + + + + + Get the time spent in the kernel. + + + + + Get the time spent in user mode. + + + + + Get the time spent in the kernel in seconds. + + + + + Get the time spent in user mode. + + + + + Get the process IO counters. + + + + + Get or set priority boost disabled. + + + + + Get the current process. + + This only uses the pseudo handle, for the process. If you need a proper handle use OpenCurrent. + + + + Get the current PEB address. + + + + + Configuration for a new NT Process. + + + + + Path to the executable to start. + + + + + Path to the executable to start which is passed in the process configuration. + + This doesn't have to match ImagePath. + + + + Command line + + + + + Prepared environment block. + + + + + Title of the main window. + + + + + Path to DLLs. + + + + + Current directory for new process + + + + + Desktop information value + + + + + Shell information value + + + + + Runtime data. + + + + + Prohibited image characteristics for new process + + + + + Additional file access for opened executable file. + + + + + Process create flags. + + + + + Thread create flags. + + + + + Initialization flags + + + + + Parent process. + + + + + Specify child process mitigations. + + + + + Whether to terminate the process on dispose. + + + + + Specify a security descriptor for the process. + + + + + Specify a security descriptor for the initial thread. + + + + + Specify the primary token for the new process. + + + + + Access for process handle. + + + + + Access for thread handle. + + + + + Set protection level. + + + + + Set to create a trustlet. + + + + + Set to specify the configuration for the trustlet if Secure is set. + + + + + Capture additional information when NtProcess.Create returns. + + + + + Specify callback to update process parameters. + + + + + Redirection DLL path. Only supported from 1903. + + + + + Inheritable handles. + + + + + Debug object. + + + + + Toggle inherit handles process create flag. + + + + + Add an extra process/thread attribute. + + The process attribute to add. + The caller is responsible for disposing the attribute, this class does not hold a reference. + + + + Set protected process protection level. + + The type of protected process. + The signer level. + + + + Constructor + + + + + Result from creating a user process. + + + + + Handle to the process + + + + + Handle to the initial thread + + + + + Handle to the image file + + + + + Handle to the image section + + + + + Handle to the IFEO key (if it exists) + + + + + Image information + + + + + Client ID of process and thread + + + + + Process ID + + + + + Thread ID + + + + + Create status. + + + + + True if create succeeded. + + + + + DLL characterists if CreateState is FailMachineMismatch. + + + + + Creation state + + + + + Output flags if CreateStatus is Success. + + + + + Native user process parameters pointer if CreateStatus is Success. + + + + + Wow64 user process parameters pointer if CreateStatus is Success. + + + + + Current parameter flags if CreateStatus is Success. + + + + + PEB pointer if CreateStatus is Success. + + + + + Wow64 PEB pointer if CreateStatus is Success. + + + + + Manifest pointer if CreateStatus is Success. + + + + + Manifest size if CreateStatus is Success. + + + + + Set to true to terminate process on disposal + + + + + Terminate the process + + Exit code for termination + + + + Resume initial thread + + The suspend count + + + + Explicit conversion operator to an NtThread object. + + The win32 process + + + + Explicit conversion operator to an NtProcess object. + + The win32 process + + + + Dispose + + + + + Entry for a process environment block. + + + + + Name of the environment variable. + + + + + Value of the environment variable. + + + + + Constructor. + + Name of the environment variable. + Value of the environment variable. + + + + Class representing various process mitigations + + + + + Partial definition of the PEB + + + + + Partial definition of the PEB + + + + + Class which represents the configuration for a trustlet. + + + + + The ID of the trustlet. + + + + + The mailbox key. Must be 2 longs. + + + + + The collaboration ID. Must be 2 longs. + + + + + The VM ID. Must be 2 longs. + + + + + The TK sessio ID. Must be 4 longs. + + + + + Overridden ToString method. + + The object as a string. + + + + Create a trustlet configuration from an image file. + + The path to the image file. Should be a native path. + True to throw on error. + The trustlet configuration. + + + + Create a trustlet configuration from an image file. + + The path to the image file. Should be a win32 path. + The trustlet configuration. + + + + Constructor + + + + + Constructor + + The ID of the trustlet. + + + + Class to represent a registry transaction object + + + + + Create a transaction + + The object attributes + Desired access for the handle + True to throw an exception on error. + The NT status code and object result. + + + + Create a transaction + + The object attributes + Desired access for the handle + The opened transaction + + + + Create a transaction + + The path of the transaction + The root if path is relative + The opened transaction + + + + Create a transaction + + The path of the transaction + The opened transaction + + + + Create a transaction + + The opened transaction + + + + Open a transaction object. + + The path to the object + The root if path is relative + The desired access for the object + The opened object + + + + Open a transaction object. + + The object attributes for the object + The desired access for the object + True to throw an exception on error. + The NT status code and object result. + + + + Open a transaction object. + + The object attributes for the object + The desired access for the object + The opened object + + + + Open a transaction object. + + The path to the object + The opened object + + + + Commit the transaction + + + + + Rollback the transaction + + + + + Enable the transaction for anything in the current thread context. + + The transaction context. This should be disposed to disable the transaction. + + + + Class to represent a transaction resource manager. + + + + + Create a new resource manager object. + + The object attributes + Desired access for the handle + Creation options flags. + Optional transaction manager to assign the resource manager to. + Resource manager GUID. + Optional description. + True to throw an exception on error. + The NT status code and object result. + + + + Create a new resource manager object. + + The object attributes + Desired access for the handle + Creation options flags. + Optional transaction manager to assign the resource manager to. + Resource manager GUID. + Optional description. + The object result. + Thrown on error. + + + + Create a new resource manager object. + + The path to the resource manager. + The root if path is relative. + Desired access for the handle + Creation options flags. + Optional transaction manager to assign the resource manager to. + Resource manager GUID. + Optional description. + True to throw an exception on error. + The NT status code and object result. + + + + Create a new resource manager object. + + The path to the resource manager. + The root if path is relative. + Desired access for the handle + Creation options flags. + Optional transaction manager to assign the resource manager to. + Resource manager GUID. + Optional description. + The object result. + Thrown on error. + + + + Create a new volatile resource manager object. + + The path to the resource manager. + The root if path is relative. + Desired access for the handle + Optional transaction manager to assign the resource manager to. + Resource manager GUID. + The object result. + Thrown on error. + + + + Create a new volatile resource manager object. + + The path to the resource manager. + The root if path is relative. + Desired access for the handle + Optional transaction manager to assign the resource manager to. + The object result. + Thrown on error. + + + + Create a new volatile resource manager object. + + The path to the resource manager. + The root if path is relative. + Optional transaction manager to assign the resource manager to. + The object result. + Thrown on error. + + + + Create a new volatile resource manager object. + + The path to the resource manager. + Optional transaction manager to assign the resource manager to. + The object result. + Thrown on error. + + + + Create a new volatile resource manager object. + + Optional transaction manager to assign the resource manager to. + The object result. + Thrown on error. + + + + Opens an existing resource manager object. + + The object attributes + Desired access for the handle + Transaction manager which contains the resource manager. + Resource manager GUID. + True to throw an exception on error. + The NT status code and object result. + + + + Opens an existing resource manager object. + + The object attributes + Desired access for the handle + Transaction manager which contains the resource manager. + Resource manager GUID. + The object result. + Thrown on error. + + + + Recover the the transaction manager. + + True to throw on error. + The NT status code. + + + + Recover the the transaction manager. + + + + + Set an IO completion port on the resource manager. + + The IO completion port. + Associated completion key. + True to throw on error. + The NT status code. + + + + Set an IO completion port on the resource manager. + + The IO completion port. + Associated completion key. + + + + Get a notification synchronously. + + Optional timeout for getting the notification. + True to throw on error. + The transaction notification. + + + + Get a notification synchronously. + + Optional timeout for getting the notification. + The transaction notification. + + + + Get a notification synchronously waiting indefinetly. + + The transaction notification. + + + + Register protocol information. + + The ID of the protocol to register. + An opaque protocol buffer. + Optional create options. + True to throw on error. + The NT status code. + + + + Register protocol information. + + The ID of the protocol to register. + An opaque protocol buffer. + Optional create options. + + + + Complete propagation request. + + The cookie to identify the request. + An optional buffer to pass with the request. + True to throw on error. + The NT status code. + + + + Complete propagation request. + + The cookie to identify the request. + An optional buffer to pass with the request. + + + + Fail propagation request. + + The cookie to identify the request. + Optional NT status code for the failure. + True to throw on error. + The NT status code. + + + + Get a list of all accessible enlistment objects owned by this resource manager. + + The object attributes + The access for the enlistment objects. + The list of all accessible enlistment objects. + + + + Get a list of all accessible enlistment objects owned by this resource manager. + + The access for the enlistment objects. + The list of all accessible enlistment objects. + + + + Get a list of all accessible resource manager objects owned by this transaction manager. + + The list of all accessible resource manager objects. + + + + Create an enlistment in this resource manager. + + Desired access for the handle + The transaction to enlist. + Optional create options. + Notification mask. + Enlistment key returned during notification. + True to throw an exception on error. + The created enlistment and NT status code. + + + + Create an enlistment in this resource manager. + + Desired access for the handle + The transaction to enlist. + Optional create options. + Notification mask. + Enlistment key returned during notification. + The created enlistment. + + + + Create an enlistment in this resource manager. + + The transaction to enlist. + Notification mask. + Enlistment key returned during notification. + The created enlistment. + + + + Create an enlistment in this resource manager. + + The transaction to enlist. + Enlistment key returned during notification. + The created enlistment. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Get the resource manager ID. + + + + + Get the description for the resource manager. + + + + + A structure to return the result of an NT system call with status. + This allows a function to return both a status code and a result + without having to resort to out parameters. + + The result type. + + + + The NT status code. + + + + + The result of the NT call. + + + + + Get the result object or throw an exception if status code is an error. + + The result NT result. + Thrown if status code is an error. + + + + Get the result object or a default value if an error occurred. + + The default value to return. + The result or the default if an error occurred. + + + + Get the result object or a default value if an error occurred. + + The result or the default if an error occurred. + + + + Is the result successful. + + + + + Map result to a different type. + + The different type to map to. + A function to map the result. + The mapped result. + + + + Map result to a different type. + + The different type to map to. + A function to map the result. + The mapped result. + + + + Cast result to a different type. + + The different type to cast to. + The mapped result. + + + + Forward the result and check for an exception. + + True to throw on error. + The forwarded result. + + + + Dispose result. + + + + + Create a result from an error. + + The error status code. + True to throw on error. + The result. + + + + Create a result. + + + Create a new result. + + + + Conversion operator from T to object. + + The result to convert. + + + + Compression format for RtlDecompressBuffer. + + + + + Class to represent a NT Section object + + + + + Create an Image section object + + The object attributes for the image section. + The file to create the image section from + The opened section + Thrown on error. + + + + Create an Image section object + + The object name to use for the image section. + Root directory for the object. + The file to create the image section from + The opened section + Thrown on error. + + + + Create an Image section object + + The object name to use for the image section. + The file to create the image section from + The opened section + Thrown on error. + + + + Create an Image section object + + The file to create the image section from + The opened section + Thrown on error. + + + + Create a data section from a file. + + The file to create from. + The created section object. + + + + Create a section object + + The object attributes + The desired access + Optional size of the section + The section protection + The section attributes. The lower 5 bits can be used to specify the NUMA node. + Optional backing file + True to throw an exception on error. + The NT status code and object result. + + + + Create a section object + + The object attributes + The desired access + Optional size of the section + The section protection + The section attributes + Optional backing file + The opened section + Thrown on error. + + + + Create a section object + + The path to the section + The root if path is relative + The desired access + Optional size of the section + The section protection + The section attributes. The lower 5 bits can be used to specify the NUMA node. + Optional backing file + The opened section + Thrown on error. + + + + Create a section object + + Size of the section + The opened section + Thrown on error. + + + + Create a section object + + The object attributes + The desired access + Optional size of the section + The section protection + The section attributes + Optional backing file + Extended parameters for section create. + True to throw an exception on error. + The NT status code and object result. + + + + Create a section object + + The object attributes + The desired access + Optional size of the section + The section protection + The section attributes + Optional backing file + Extended parameters for section create. + The NT status code and object result. + + + + Open a section object + + The object attributes for the section + The desired access for the sections + True to throw an exception on error. + The NT status code and object result. + + + + Open a section object + + The object attributes for the section + The desired access for the sections + The opened section + + + + Open a section object + + The path to the section + Root object if the path is relative + The desired access for the sections + The opened section + + + + Unmap a section in a specified process. + + The process to unmap the section. + The base address to unmap. + Flags for unmapping memory. + True to throw on error. + The NT status code. + + + + Unmap a section in a specified process. + + The process to unmap the section. + The base address to unmap. + True to throw on error. + The NT status code. + + + + Unmap a section in the current process. + + The base address to unmap. + True to throw on error. + The NT status code. + + + + Unmap a section in a specified process. + + The process to unmap the section. + The base address to unmap. + Flags for unmapping memory. + + + + Unmap a section in a specified process. + + The process to unmap the section. + The base address to unmap. + + + + Unmap a section in the current process. + + The base address to unmap. + + + + Map section Read/Write into a specific process + + The process to map into + The mapped section + + + + Map section Read Only into a specific process + + The process to map into + The mapped section + + + + Map section Read/Write into a specific process + + The process to map into + True to throw on error. + The mapped section + + + + Map section Read Only into a specific process + + The process to map into + True to throw on error. + The mapped section + + + + Map section Read Only into a current process + + The mapped section + + + + Map section Read Only into a current process + + True to throw on error. + The mapped section + + + + Map section Read/Write into a current process + + The mapped section + + + + Map section Read/Write into a current process + + True to throw on error. + The mapped section + + + + Map section into a specific process + + The process to map into + The protection of the mapping + The mapped section + + + + Map section into a specific process + + The process to map into + The protection of the mapping + True to throw on error. + The mapped section + + + + Map section into a specific process + + The process to map into + The protection of the mapping + Optional base address + Number of zero bits. + Size of pages to commit. + Offset into the section. + Optional view size + Allocation type. + Section inheritance type. + True to throw on error. + The mapped section + + + + Map section into a specific process + + The process to map into + The protection of the mapping + Optional base address + Number of zero bits. + Size of pages to commit. + Offset into the section. + Optional view size + Allocation type. + Section inheritance type. + The mapped section + + + + Map section into a specific process + + The process to map into + The protection of the mapping + Optional base address + Optional view size + The mapped section + + + + Map section into a specific process + + The process to map into + The protection of the mapping + Optional base address + Optional view size + True to throw on error. + The mapped section + + + + Map section into the current process + + The protection of the mapping + The mapped section + + + + Extend the section to a new size. + + The new size to extend to. + True to throw on error. + The new size. + Thrown on error. + + + + Extend the section to a new size. + + The new size to extend to. + The new size. + Thrown on error. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Get the size of the section + + + + + Get the attributes of the section + + + + + Get section image information. + + + + + Get original section base address. + + + + + Get relocation address. + + + + + Static class to access NT security manager routines. + + + + + Looks up the account name of a SID. + + The system name to lookup the SID on. + The SID to lookup + True to throw on error. + The name. + + + + Looks up the account name of a SID. + + The SID to lookup + True to throw on error. + The name. + + + + Looks up the account name of a SID. + + The SID to lookup + The SID name. + Thrown if lookup fails. + + + + Looks up the account name of a SID. + + The SID to lookup + True to throw on error. + The name. + + + + Looks up the account name of a SID. + + The SID to lookup + The name, or null if the lookup failed + + + + Looks up a capability SID to see if it's already known. + + The capability SID to lookup + The name of the capability, null if not found. + + + + Lookup a SID from a username. + + The system name to lookup the SID on. + The username, can be in the form domain\account. + True to throw on error. + The Security Identifier + Thrown if account cannot be found. + + + + Lookup a SID from a username. + + The system name to lookup the SID on. + The username, can be in the form domain\account. + The Security Identifier + Thrown if account cannot be found. + + + + Lookup a SID from a username. + + The username, can be in the form domain\account. + The Security Identifier + Thrown if account cannot be found. + + + + Lookup the name of a process trust SID. + + The trust sid to lookup. + The name of the trust sid. null if not found. + Thrown if trust_sid is not a trust sid. + + + + Try and lookup the moniker associated with a package sid. + + The package sid. + Returns the moniker name. If not found returns null. + Thrown if SID is not a package sid. + + + + Lookup a device capability SID name if known. + + The SID to lookup. + Returns the device capability name. If not found returns null. + Thrown if SID is not a package sid. + + + + Convert a package SID to a capability. + + The package SID to convert. + The package SID as a capability. + + + + Convert a security descriptor to SDDL string + + The security descriptor + Indicates what parts of the security descriptor to include + The SDDL string + Thrown if cannot convert to a SDDL string. + + + + Convert a security descriptor to SDDL string + + The security descriptor + Indicates what parts of the security descriptor to include + True to throw on errror. + The SDDL string + Thrown if cannot convert to a SDDL string. + + + + Convert an SDDL string to a binary security descriptor + + The SDDL string + True to throw on error. + The binary security descriptor + Thrown if cannot convert from a SDDL string. + + + + Convert an SDDL string to a binary security descriptor + + The SDDL string + The binary security descriptor + Thrown if cannot convert from a SDDL string. + + + + Convert an SDDL string to a binary security descriptor + + The SDDL string + True to throw on error. + The binary security descriptor + Thrown if cannot convert from a SDDL string. + + + + Convert an SDDL string to a binary security descriptor + + The SDDL string + The binary security descriptor + Thrown if cannot convert from a SDDL string. + + + + Convert an SDDL SID string to a Sid + + The SDDL SID string + True to throw on error. + The converted Sid + Thrown if cannot convert from a SDDL string. + + + + Convert an SDDL SID string to a Sid + + The SDDL SID string + The converted Sid + Thrown if cannot convert from a SDDL string. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + This function returns a list of results rather than a single entry. It should only be used + with object types. + + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + List of object types to check against. + True to throw on error. + The list of access check results. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + This function returns a list of results rather than a single entry. It should only be used + with object types. + + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + List of object types to check against. + The list of access check results. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + List of object types to check against. + True to throw on error. + The result of the access check. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + List of object types to check against. + The result of the access check. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + List of object types to check against. + True to throw on error. + The result of the access check. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + List of object types to check against. + The result of the access check. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + True to throw on error. + The result of the access check. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + True to throw on error. + The result of the access check. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + The result of the access check. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + The result of the access check. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + The allowed access mask as a unsigned integer. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + + The security descriptor + The access token. + The set of access rights to check against + The type specific generic mapping (get from corresponding NtType entry). + The allowed access mask as a unsigned integer. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the maximum allowed access. + + The security descriptor + The access token. + The type specific generic mapping (get from corresponding NtType entry). + The maximum allowed access mask as a unsigned integer. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the maximum allowed access. + + The security descriptor + The access token. + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + The maximum allowed access mask as a unsigned integer. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access. + + The security descriptor + The access token. + The set of access rights to check against + The type used to determine generic access mapping.. + The allowed access mask as a unsigned integer. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the maximum allowed access. + + The security descriptor + The access token. + The type used to determine generic access mapping.. + The allowed access mask as a unsigned integer. + Thrown if an error occurred in the access check. + + + + Get a security descriptor from a named object. + + The path to the resource (such as \BaseNamedObejct\ABC) + The type of resource, can be null to get the method to try and discover the correct type. + The named resource security descriptor. Returns null if can't open the resource. + + + + Do an access check between a security descriptor and a token to determine the allowed access and + audit the result. + + The name of the subsystem to audit. + The handle ID to audit. Used when issuing a close audit. + The object type name. + The name of the object. + Indicates if this is an object creation operation. + Type of audit. + Flags for the audit operation. + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + List of object types to check against. + True to throw on error. + The result of the access check. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access and + audit the result. + + The name of the subsystem to audit. + The handle ID to audit. Used when issuing a close audit. + The object type name. + The name of the object. + Indicates if this is an object creation operation. + Type of audit. + Flags for the audit operation. + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + List of object types to check against. + The result of the access check. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access + and audit. This function returns a list of results rather than a single entry. It should only + be used with object types. + + The name of the subsystem to audit. + The handle ID to audit. Used when issuing a close audit. + The object type name. + The name of the object. + Indicates if this is an object creation operation. + Type of audit. + Flags for the audit operation. + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + List of object types to check against. + True to throw on error. + The result of the access check. + Thrown if an error occurred in the access check. + + + + Do an access check between a security descriptor and a token to determine the allowed access + and audit. This function returns a list of results rather than a single entry. It should only + be used with object types. + + The name of the subsystem to audit. + The handle ID to audit. Used when issuing a close audit. + The object type name. + The name of the object. + Indicates if this is an object creation operation. + Type of audit. + Flags for the audit operation. + The security descriptor + The access token. + The set of access rights to check against + An optional principal SID used to replace the SELF SID in a security descriptor. + The type specific generic mapping (get from corresponding NtType entry). + List of object types to check against. + The result of the access check. + Thrown if an error occurred in the access check. + + + + Get a SID for a specific mandatory integrity level. + + The mandatory integrity level. + The integrity SID + + + + Get a SID for a specific mandatory integrity level. + + The mandatory integrity level. + The integrity SID + + + + Checks if a SID is an integrity level SID + + The SID to check + True if an integrity SID + + + + Get the integrity level from an integrity SID + + The integrity SID + The token integrity level. + + + + Gets the SID for a service name. + + The service name. + The service SID. + Thrown on error. + + + + Checks if a SID is a service SID. + + The sid to check. + True if a service sid. + + + + Checks if a SID is a logon session SID. + + The sid to check. + True if a logon session sid. + + + + Checks if a SID is a process trust SID. + + The sid to check. + True if a process trust sid. + + + + Checks if a SID is a domain SID. + + The SID to check. + True if a domain SID. + + + + Checks if a SID is a domain SID and is a member of the local machine domain. + + The SID to check. + True if a domain SID. + + + + Checks if a SID is a capability SID. + + The sid to check. + True if a capability sid. + + + + Checks if a SID is a capbility group SID. + + The sid to check. + True if a capability group sid. + + + + Get a capability sid by name. + + The name of the capability. + True to throw on error. + The capability SID. + + + + Get a capability sid by name. + + The name of the capability. + The capability SID. + + + + Get a capability group sid by name. + + The name of the capability. + True to throw on error. + The capability SID. + + + + Get a capability group sid by name. + + The name of the capability. + The capability SID. + + + + Get the type of package sid. + + The sid to get type. + The package sid type, Unknown if invalid. + + + + Checks if a SID is a valid package SID. + + The sid to check. + True if a capability sid. + + + + Get the parent package SID for a child package SID. + + The child package SID. + The parent package SID. + Thrown if sid not a child package SID. + + + + Checks if a SID is a Scoped Policy ID SID. + + The SID to check. + True if a Scoped Policy ID SID. + + + + Converts conditional ACE data to an SDDL string + + The conditional application data. + True to throw on error. + The conditional ACE string. + + + + Converts conditional ACE data to an SDDL string + + The conditional application data. + The conditional ACE string. + + + + Converts a condition in SDDL format to an ACE application data. + + The condition in SDDL format. + The condition in ACE application data format. + + + + Evaluate a condition ACE expression. + + The Token to check against. + The conditional expression in SDDL format. + Specify resource attributes to add to the check. + True to throw on error. + True if the conditional expression was a success. + + + + Evaluate a condition ACE expression. + + The Token to check against. + The conditional expression in SDDL format. + True to throw on error. + True if the conditional expression was a success. + + + + Evaluate a condition ACE expression. + + The Token to check against. + The conditional expression in SDDL format. + Specify resource attributes to add to the check. + True if the conditional expression was a success. + + + + Evaluate a condition ACE expression. + + The Token to check against. + The conditional expression in SDDL format. + True if the conditional expression was a success. + + + + Evaluate a condition ACE expression. + + The Token to check against. + The conditional expression in binary format. + Specify resource attributes to add to the check. + True to throw on error. + True if the conditional expression was a success. + + + + Evaluate a condition ACE expression. + + The Token to check against. + The conditional expression in binary format. + True to throw on error. + True if the conditional expression was a success. + + + + Evaluate a condition ACE expression. + + The Token to check against. + The conditional expression in binary format. + Specify resource attributes to add to the check. + True if the conditional expression was a success. + + + + Evaluate a condition ACE expression. + + The Token to check against. + The conditional expression in binary format. + True if the conditional expression was a success. + + + + Get the cached signing level for a file. + + The handle to the file to query. + The cached signing level. + + + + Get the cached signing level for a file. + + The handle to the file to query. + True to throw on error. + The cached signing level. + + + + Get the cached singing level from the raw EA buffer. + + The EA buffer to read the cached signing level from. + The cached signing level. + Throw on error. + + + + Set the cached signing level for a file. + + The handle to the file to set the cache on. + Flags to set for the cache. + The signing level to cache + A list of source file for the cache. + Optional directory path to look for catalog files. + + + + Set the cached signing level for a file. + + The handle to the file to set the cache on. + Flags to set for the cache. + The signing level to cache + A list of source file for the cache. + Optional directory path to look for catalog files. + True to throw on error. + + + + Compare two signing levels. + + The current level. + The signing level to compare against. + True if the current level is above or equal to the signing level. + + + + Get readable name for a SID, if known. This covers sources of names such as LSASS lookup, capability names and package names. + + The SID to lookup. + True to bypass the internal cache and get the current name. + The name for the SID. Returns the SDDL form if no other name is known. + + + + Get readable name for a SID, if known. This covers sources of names such as LSASS lookup, capability names and package names. + + The SID to lookup. + The name for the SID. Returns the SDDL form if no other name is known. + This function will cache name lookups, this means the name might not reflect what's currently in LSASS if it's been changed. + + + + Add a SID name to the local name cache. + + The SID to add. + The SID's domain name. + The name of the account. + The name user value. + + + + Remove a SID name from the local cache. + + The SID to remove. + + + + Clear the SID name cache. + + + + + Get a logon session SID from an ID. + + The logon session ID. + The new logon session SID. + + + + Get a new logon session SID. + + The new logon session SID. + + + + Get session id from logon session SID. + + The logon session SID. + The logon session ID. + + + + Get security descriptor as a byte array + + Handle to the object to query. + What parts of the security descriptor to retrieve + True to throw on error. + The NT status result and security descriptor as a buffer. + + + + Set the object's security descriptor + + Handle to the object to set. + The security descriptor to set. + What parts of the security descriptor to set + True to throw on error. + The NT status result. + + + + Do a privilege check on a token. + + A handle to a token object. + The list of privileges to check. + True to require all necessary privileges. + True to throw on error. + The privilege check result. + + + + Get the access mask for querying a specific security information class. + + The information class. + The access mask for the information. + + + + Get the access mask for setting a specific security information class. + + The information class. + The access mask for the information. + + + + Get whether an ACE type is an allowed ACE type. + + The ACE type. + True if an allowed ACE type. + + + + Get whether an ACE type is a denied ACE type. + + The ACE type. + True if a denied ACE type. + + + + Get whether an ACE type is an object ACE type. + + The ACE type. + True if an object ACE type. + + + + Get whether an ACE type is an audit ACE type. + + The ACE type. + True if an audit ACE type. + + + + Get whether an ACE type is used int the SACL. + + The ACE type. + True if a system ACE type. + + + + Get whether an ACE type is a callback type. + + The ACE type. + True if a callback type. + + + + Convert an access rights type to a string. + + The access mask to convert + The enumeration type for the string conversion + Set to true to use SDK style names. + The string version of the access + + + + Convert an access rights type to a string. + + The access mask to convert + The enumeration type for the string conversion + The string version of the access + + + + Convert an access rights type to a string. + + The access mask to convert + The string version of the access + + + + Convert an access rights type to a string. + + The access mask to convert + Set to true to use SDK style names. + The string version of the access + + + + Convert an enumerable access rights to a string + + The access mask. + Enum type to convert to string. + Generic mapping for object type. + True to try and convert to generic rights where possible. + The string format of the access rights. Will return Full Access if not a generic access and has all rights and None if no access. + + + + Convert an enumerable access rights to a string + + The access mask. + Enum type to convert to string. + Generic mapping for object type. + True to try and convert to generic rights where possible. + Set to true to use SDK style names. + The string format of the access rights. Will return Full Access if not a generic access and has all rights and None if no access. + + + + Convert an ACE type to an SDK type string. + + The ACE type. + The ACE type as an SDK type string. + + + + Convert the ACE flags to an SDK type string. + + The ACE type as an SDK type string. + + + + Convert the security descriptor control flags to an SDK type string. + + The security descriptor control as an SDK type string. + + + + Get a Process Trust Level SID. + + The Trust Type. + The Trust Level. + The Process Trust Level SID. + + + + Generate audit event for an object open. + + The subsystem name. + Handle ID. + The typename of the object. + The name of the object. + The security descriptor set for the object. + The client token used to open the object. + Desired access for the open. + Granted access from the open. + Privileges used to open the object. + True if the object was created. + Specify whether access was granted. + True to throw on error. + A value indicating whether an event need to be generated on close. + + + + Generate audit event for an object open. + + The subsystem name. + Handle ID. + The typename of the object. + The name of the object. + The security descriptor set for the object. + The client token used to open the object. + Desired access for the open. + Granted access from the open. + Privileges used to open the object. + True if the object was created. + Specify whether access was granted. + A value indicating whether an event need to be generated on close. + + + + Generate audit event for an object close. + + The subsystem name. + Handle ID. + True indicates to generate on close. + True to throw on error. + The NT status code. + + + + Generate audit event for an object close. + + The subsystem name. + Handle ID. + True indicates to generate on close. + The NT status code. + + + + Generate audit event for an object deleted. + + The subsystem name. + Handle ID. + True indicates to generate on close. + True to throw on error. + The NT status code. + + + + Generate audit event for an object deleted. + + The subsystem name. + Handle ID. + True indicates to generate on close. + + + + Generate audit event for a privileges used with an object. + + The subsystem name. + Handle ID. + The client token used. + Desired access for the object. + Privileges used to open the object. + Specify whether access was granted. + True to throw on error. + The NT status code. + + + + Generate audit event for a privileges used with an object. + + The subsystem name. + Handle ID. + The client token used. + Desired access for the object. + Privileges used to open the object. + Specify whether access was granted. + + + + Generate audit event for a privileges used by a client. + + The subsystem name. + The client token used. + The name of the service. + Privileges used in the operation. + Specify whether access was granted. + True to throw on error. + The NT status code. + + + + Generate audit event for a privileges used by a client. + + The subsystem name. + The client token used. + The name of the service. + Privileges used in the operation. + Specify whether access was granted. + + + + Perform a capability check for a token. + + Specify the token handle. If null will use the effective token. + The name of the capability to check. + True to throw on error. + True if the token has the capability. + + + + Perform a capability check for a token. + + Specify the token handle. If null will use the effective token. + The name of the capability to check. + True if the token has the capability. + + + + Get GenericMapping for standard access rights. + + + + + Security information class for security descriptors. + + + + + ACE Flags. Note that the value isn't completely the same as + the real flags. + + + + + Class to represent a NT Semaphore object. + + + + + Create a semaphore object. + + The object attributes for the object + The desired access for the object + Initial count for semaphore + Maximum count for semaphore + True to throw an exception on error. + The NT status code and object result. + + + + Create a semaphore object. + + The object attributes for the object + The desired access for the object + Initial count for semaphore + Maximum count for semaphore + The opened object + + + + Create a semaphore object. + + The path to the object + The root if path is relative + Initial count for semaphore + /// Maximum count for semaphore + The opened object + + + + Open a semaphore object. + + The object attributes for the object + The desired access for the object + True to throw an exception on error. + The NT status code and object result. + + + + Open a semaphore object. + + The object attributes for the object + The desired access for the object + The opened object + + + + Open a semaphore object. + + The path to the object + The root if path is relative + The desired access for the object + The opened object + + + + Release the semaphore + + The release count + The previous count + + + + Release the semaphore + + The release count + True to throw an exception on error. + The previous count + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Current count of the semaphore. + + + + + Maximum count of the semaphore. + + + + + Semaphore access rights. + + + + + Class to represent a Session object + + + + + Open a session object. + + The object attributes + Desired access for the object + True to throw on error. + The open result. + + + + Open a session object. + + The object attributes + Desired access for the object + The open result. + + + + Open a session object. + + Name of the object + Optional root directory for lookup + Desired access for the object + The open result. + + + + NT status values + + + + + Class representing a NT SymbolicLink object + + + + + Create a symbolic link object. + + The path to the object + The root if path is relative + The desired access for the object + The target path + The opened object + + + + Create a symbolic link object. + + The object attributes for the object + The desired access for the object + The target path + True to throw an exception on error. + The NT status code and object result. + + + + Create a symbolic link object. + + The object attributes for the object + The desired access for the object + The target path + The opened object + + + + Create a symbolic link object. + + The path to the object + The root if path is relative + The target path + The opened object + + + + Create a symbolic link object. + + The path to the object + The target path + The opened object + + + + Open a symbolic link object. + + The path to the object + The root if path is relative + The desired access for the object + The opened object + + + + Open a symbolic link object. + + The path to the object + The root if path is relative + The desired access for the object + True to throw on error. + The opened object + + + + Open a symbolic link object. + + The object attributes for the object + The desired access for the object + True to throw an exception on error. + The NT status code and object result. + + + + Open a symbolic link object. + + The object attributes for the object + The desired access for the object + The opened object + + + + Open a symbolic link object. + + The path to the object + The root if path is relative + The opened object + + + + Open a symbolic link object. + + The path to the object + The opened object + + + + Resolve a symlink name to a final target. + + The name of the symlink to resolve. + True to throw on error. + The final target. + This function will return the last name which returns STATUS_OBJECT_TYPE_MISMATCH. Anything else is an error. + + + + Resolve a symlink name to a final target. + + The name of the symlink to resolve. + The final target. + This function will return the last name which returns STATUS_OBJECT_TYPE_MISMATCH. Anything else is an error. + + + + Get the symbolic link target. + + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Set access mask filter. + + The access mask to set. + True to throw on error. + The NT status code. + Needs SeTcbPrivilege. + + + + Set access mask filter. + + The access mask to set. + Needs SeTcbPrivilege. + + + + Set as a global link. + + True to throw on error. + The NT status code. + Needs SeTcbPrivilege. + + + + Set as a global link. + + Needs SeTcbPrivilege. + + + + Get the symbolic link target path. + + True to throw on error. + The target path. + + + + Class to access some NT system information + + + + + Get a list of handles + + A process ID to filter on. If -1 will get all handles + True to allow the handles returned to query for certain properties + True to force all file names to be queried. Otherwise limits to only DISK files. + The list of handles + The purpose of force_file_name to disable querying a file handle for its path unless it's on a FS volume. + This is because some non-file types can be in a locked state which causes the filename lookup to hang. + + + + Get a list of handles + + A process ID to filter on. If -1 will get all handles + True to allow the handles returned to query for certain properties + The list of handles + + + + Get a list of all handles + + The list of handles + + + + Get a list of threads for a specific process. + + The process ID to list. + True to throw on error. + The list of thread information. + + + + Get a list of threads for a specific process. + + The process ID to list. + The list of thread information. + + + + Get a list of all threads. + + The list of thread information. + + + + Get a list of all threads. + + The list of thread information. + + + + Get a list of threads for a specific process. + + The process ID to list. + True to throw on error. + The list of thread information. + + + + Get a list of threads for a specific process. + + The process ID to list. + The list of thread information. + + + + Get a list of all threads. + + The list of thread information. + + + + Get a list of all threads. + + The list of thread information. + + + + Get all process information for the system. + + The list of process information. + + + + Get all process information for the system. + + True to throw on error. + The list of process information. + + + + Get all process information for the system. + + The list of process information. + + + + Get all process information for the system. + + True to throw on error. + The list of process information. + + + + Get all process information for the system. + + The list of process information. + + + + Get all process information for the system. + + True to throw on error. + The list of process information. + + + + Get list of page filenames. + + The list of page file names. + + + + Create a kernel dump for current system. + + The path to the output file. + Flags + Page flags + + + + Query all system environment value names. + + A list of names of environment values + + + + Query all system environment value names and values. + + A list of names of environment values + + + + Query a single system environment value. + + The name of the value. + The associated vendor guid + True to throw on error. + The system environment value. + + + + Query a single system environment value. + + The name of the value. + The associated vendor guid + The system environment value. + + + + Set a system environment variable. + + The name of the variable. + The vendor GUID + The value to set + Attributes of the value + + + + Set a system environment variable. + + The name of the variable. + The vendor GUID + The value to set + Attributes of the value + + + + Set a system environment variable. + + The name of the variable. + The vendor GUID + The value to set + Attributes of the value + + + + Set a system environment variable. + + The name of the variable. + The vendor GUID + The value to set + Attributes of the value + + + + Allocate a LUID. + + The allocated LUID. + + + + Allocate a LUID. + + The allocated LUID. + + + + Get the addresses of a list of objects from the handle table and initialize the Address property. + + The list of objects to initialize. + + + + Get the address of an object in kernel memory from the handle table and initialize the Address property. + + The object. + + + + Get the address of an object in kernel memory from the handle table and initialize the Address property. + + The object. + Any remaining objects. + + + + Query whether a file is trusted for dynamic code. + + The handle to a file to query. + Pointer to a memory buffer containing the image. + The size of the in-memory buffer. + True if the file is trusted. + + + + Query whether a file is trusted for dynamic code. + + Pointer to a memory buffer containing the image. + The status code from the operation. Returns STATUS_SUCCESS is valid. + + + + Query whether a file is trusted for dynamic code. + + The handle to a file to query. + The status code from the operation. Returns STATUS_SUCCESS is valid. + + + + Set a file is trusted for dynamic code. + + The handle to a file to set. + The status code from the operation. + + + + Get list of root silos. + + The list of root silos. + + + + Set the ELAM certificate information. + + The signed file containing an ELAM certificate resource. + The NT status code. + + + + Query code integrity certificate information. + + The image file. + The type of check to make. + The NT status code. + + + + Query the image path from a process ID. + + The ID of the process. + True to throw on error. + The image path. + This method can be called without any permissions on the process. + + + + Query the image path from a process ID. + + The ID of the process. + The image path. + This method can be called without any permissions on the process. + + + + Get flags for isolated user mode. + + True to throw on error. + The ISO flags. + + + + Query a fixed structure from the object. + + The type of structure to return. + The information class to query. + A default value for the query. + True to throw on error. + The result of the query. + Thrown on error. + + + + Query a fixed structure from the object. + + The type of structure to return. + The information class to query. + A default value for the query. + The result of the query. + Thrown on error. + + + + Query a fixed structure from the object. + + The type of structure to return. + The information class to query. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object. + + The type of structure to return. + The information class to query. + A default value for the query. + True to throw on error. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object. + + The information class to query. + A buffer to initialize the initial query. Can be null. + True to throw on error. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object. + + The information class to query. + A buffer to initialize the initial query. Can be null. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object. + + The information class to query. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object and return as bytes. + + The information class to query. + A buffer to initialize the initial query. Can be null. + True to throw on error. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object and return as bytes. + + The information class to query. + A buffer to initialize the initial query. Can be null. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object and return as bytes. + + The information class to query. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object. + + The type of structure to return. + The information class to query. + A default value for the query. + The result of the query. + Thrown on error. + + + + Query a variable buffer from the object. + + The type of structure to return. + The information class to query. + The result of the query. + Thrown on error. + + + + Set a value to the object. + + The type of structure to set. + The information class to set. + The value to set. If you specify a SafeBuffer then it'll be passed directly. + True to throw on error. + The NT status code of the set. + Thrown on error. + + + + Set a value to the object. + + The type of structure to set. + The information class to set. + The value to set. + The NT status code of the set. + Thrown on error. + + + + Set a value to the object from a buffer. + + The information class to set. + The value to set. + True to throw on error. + The NT status code of the set. + Thrown on error. + + + + Set a value to the object from a buffer.. + + The information class to set. + The value to set. + The NT status code of the set. + Thrown on error. + + + + Set a raw value to the object. + + The information class to set. + The raw value to set. + True to throw on error. + The NT status code of the set. + Thrown on error. + + + + Set a raw value to the object. + + The information class to set. + The raw value to set. + The NT status code of the set. + Thrown on error. + + + + Draw text on the background. + + The text to draw. + True to throw on error. + The NT status code. + + + + Draw text on the background. + + The text to draw. + + + + Display a string. + + The text to display. + True to throw on error. + The NT status code. + + + + Display a string. + + The text to display. + + + + Load a driver. + + The name of the driver service. + True to throw on error. + The NT status code. + + + + Unload a driver. + + The name of the driver service. + True to throw on error. + The NT status code. + + + + Get kernel modules. + + True to throw on error. + The list of kernel modules. + + + + Get kernel modules. + + The list of kernel modules. + + + + Get whether the kernel debugger is enabled. + + + + + Get whether the kernel debugger is not present. + + + + + Get current code integrity option settings. + + + + + Get code integrity policy. + + + + + Get code integrity unlock information. + + + + + Get all code integrity policies. + + + + + Get whether secure boot is enabled. + + + + + Get whether system supports secure boot. + + + + + Extract the secure boot policy. + + + + + Get system timer resolution. + + + + + Get system page size. + + + + + Get number of physical pages. + + + + + Get lowest page number. + + + + + Get highest page number. + + + + + Get allocation granularity. + + + + + Get minimum user mode address. + + + + + Get maximum user mode address. + + + + + Get active processor affinity mask. + + + + + Get number of processors. + + + + + Get system device information. + + + + + Get the system processor information. + + + + + Get the system emulation processor information. + + + + + Get the Isolated User Mode flags. + + + + + Get the NT product type. + + + + + + Get OS version info, + + + + + Get whether this is a multi-session SKU. + + True if multi-session. + + + + Get whether this there are multiple users in a session. + + True if multi-session. + + + + Query the system elevation flags. + + + + + Class to represent a NT Thread object + + + + + Create a new thread in a process. + + The object attributes for the thread object. + Desired access for the handle. + Process to create the thread in. + Address of the start routine. + Argument to pass to the thread. + Creation flags. + Zero bits for the stack address. + Size of the committed stack. + Maximum reserved stack size. + Optional attribute list. + True to throw on error + The created thread object. + This creates a native thread, not a Win32 thread. This might cause unexpected things to fail as they're not initialized. + + + + Create a new thread in a process. + + The object attributes for the thread object. + Desired access for the handle. + Process to create the thread in. + Address of the start routine. + Argument to pass to the thread. + Creation flags. + Zero bits for the stack address. + Size of the committed stack. + Maximum reserved stack size. + Optional attribute list. + The created thread object. + This creates a native thread, not a Win32 thread. This might cause unexpected things to fail as they're not initialized. + + + + Create a new thread in a process. + + Process to create the thread in. + Address of the start routine. + Argument to pass to the thread. + Creation flags. + Size of the committed stack. + True to throw on error + The created thread object. + This creates a native thread, not a Win32 thread. This might cause unexpected things to fail as they're not initialized. + + + + Create a new thread in a process. + + Process to create the thread in. + Address of the start routine. + Argument to pass to the thread. + Creation flags. + Size of the committed stack. + The created thread object. + This creates a native thread, not a Win32 thread. This might cause unexpected things to fail as they're not initialized. + + + + Open a thread + + The process ID containing the thread. + The thread ID to open + The desired access for the handle + True to throw an exception on error. + The NT status code and object result. + + + + Open a thread + + The thread ID to open + The desired access for the handle + True to throw an exception on error. + The NT status code and object result. + + + + Open a thread + + The process ID containing the thread. + The thread ID to open + The desired access for the handle + The NT status code and object result. + + + + Open a thread + + The thread ID to open + The desired access for the handle + The opened object + + + + Gets all accessible threads on the system. + + The desired access for each thread. + Get the thread list from system information. + The list of accessible threads. + + + + Gets all accessible threads on the system. + + The desired access for each thread. + The list of accessible threads. + + + + Get first thread for process. + + The process handle to get the threads. + The desired access for the thread. + The first thread, or null if no more available. + + + + Sleep the current thread + + Set if the thread should be alertable + The delay, negative values indicate relative times. + True to throw on error. + STATUS_ALERTED if the thread was alerted, other success or error code. + + + + Sleep the current thread + + Set if the thread should be alertable + The delay, negative values indicate relative times. + True if the thread was alerted before the delay expired. + + + + Sleep the current thread + + Set if the thread should be alertable + The delay, negative values indicate relative times. + True if the thread was alerted before the delay expired. + + + + Sleep the current thread for a specified number of milliseconds. + + The delay in milliseconds. + True if the thread was alerted before the delay expired. + + + + Open an actual handle to the current thread rather than the pseudo one used for Current + + The thread object + + + + Set the work on behalf ticket. + + The ticket to set. + True to throw on error. + The status code from the set. + + + + Set the work on behalf ticket. + + The ticket to set. + + + + Set the work on behalf ticket. + + The ticket to set. + True to throw on error. + The status code from the set. + + + + Set the work on behalf ticket. + + The ticket to set. + + + + Set the work on behalf ticket. + + The thread ID. + True to throw on error. + The NT status. + + + + Set the work on behalf ticket. + + The thread ID. + + + + Test alert status for the current thread. + + True to throw on error. + The NT status code. + + + + Test alert status for the current thread. + + + + + Attach a silo container to the current thread. + + The silo to attach. + True to throw on error. + The thread impersonation context. + + + + Attach a silo container to the current thread. + + The silo to attach. + The thread impersonation context. + + + + Detach container from the current thread. + + True to throw on error. + The NT status code. + + + + Detach container from the current thread. + + + + + Get XOR key for the work-on-behalf ticket. + + True to throw on error. + The XOR key. + + + + Get the current thread. + + This only uses the pseudo handle, for the thread. You can't use it in different threads. If you need to do that use OpenCurrent. + + + + + Get or set the work on behalf ticket for the current thread. + + + + + Get the work on behalf ticket xor key. + + + + + Reopen object with different access rights. + + The desired access. + Additional attributes for open. + True to throw on error. + The reopened object. + + + + Resume the thread. + + True to throw on error. + The suspend count + + + + Resume the thread. + + The suspend count + + + + Suspend the thread. + + True to throw on error. + The suspend count + + + + Suspend the thread + + The suspend count + + + + Terminate the thread + + True to throw on error. + The thread status exit code + The NT status code. + + + + Terminate the thread + + The thread status exit code + + + + Wake the thread from an alertable state. + + True to throw on error. + The NT status code. + + + + Wake the thread from an alertable state. + + + + + Wake the thread from an alertable state and resume the thread. + + True to throw on error. + The previous suspend count for the thread. + + + + Wake the thread from an alertable state and resume the thread. + + The previous suspend count for the thread. + + + + Hide the thread from debug events. + + True to throw on error. + The NT status code. + + + + Hide the thread from debug events. + + + + + The set the thread's impersonation token + + The impersonation token to set + True to throw on error. + The NT status code. + + + + The set the thread's impersonation token + + The impersonation token to set + + + + Impersonate the anonymous token + + True to throw on error. + The impersonation context. Dispose to revert to self + + + + Impersonate the anonymous token + + The impersonation context. Dispose to revert to self + + + + Impersonate a token + + True to throw on error. + The token to impersonate. + The impersonation context. Dispose to revert to self + + + + Impersonate a token + + The token to impersonate. + The impersonation context. Dispose to revert to self + + + + Impersonate another thread. + + The thread to impersonate. + The impersonation security quality of service. + True to throw on error. + The imperonsation context. Dispose to revert to self. + + + + Impersonate another thread's security context. + + The thread to impersonate. + The impersonation level for the token. + True to throw on error. + The imperonsation context. Dispose to revert to self. + + + + Impersonate another thread's security context. + + The thread to impersonate. + The impersonation level for the token. + The imperonsation context. Dispose to revert to self. + + + + Impersonate another thread's security context at impersonation level. + + The thread to impersonate. + True to throw on error. + The imperonsation context. Dispose to revert to self. + + + + Impersonate another thread's security context at impersonation level. + + The thread to impersonate. + The imperonsation context. Dispose to revert to self. + + + + Open the thread's token + + The token, null if no token available + + + + Queue a special user APC to the thread. + + The APC callback pointer. + Context parameter. + System argument 1. + System argument 2. + True to throw on error. + The NT status code. + + + + Queue a special user APC to the thread. + + The APC callback pointer. + Context parameter. + System argument 1. + System argument 2. + The NT status code. + + + + Queue a special user APC to the thread. + + The APC callback pointer. + Context parameter. + System argument 1. + System argument 2. + True to throw on error. + The NT status code. + + + + Queue a special user APC to the thread. + + The APC callback pointer. + Context parameter. + System argument 1. + System argument 2. + The NT status code. + + + + Queue a user APC to the thread. + + The APC callback pointer. + Context parameter. + System argument 1. + System argument 2. + True to throw on error. + The NT status code. + + + + Queue a user APC to the thread. + + The APC callback pointer. + Context parameter. + System argument 1. + System argument 2. + + + + Queue a user APC to the thread. + + The APC callback delegate. + Context parameter. + System argument 1. + System argument 2. + True to throw on error. + The NT status code. + This is only for APCs in the current process. You also must ensure the delegate is + valid at all times as this method doesn't take a reference to the delegate to prevent it being + garbage collected. + + + + Queue a user APC to the thread. + + The APC callback delegate. + Context parameter. + System argument 1. + System argument 2. + This is only for APCs in the current process. You also must ensure the delegate is + valid at all times as this method doesn't take a reference to the delegate to prevent it being + garbage collected. + + + + Get next thread for process relative to current thread. + + The process handle to get the threads. + The desired access for the thread. + The next thread, or null if no more available. + + + + Get the thread context. + + Flags for context parts to get. + True to throw on error. + An instance of an IContext object. Needs to be cast to correct type to access. + + + + Get the thread context. + + Flags for context parts to get. + An instance of an IContext object. Needs to be cast to correct type to access. + + + + Set the thread's context. + + The thread context to set. + True to throw on error. + The NT status code. + + + + Set the thread's context. + + The thread context to set. + + + + Get current waiting server information. + + True to throw on error. + The thread ALPC server information. + + + + Get current waiting server information. + + The thread ALPC server information. + + + + Get the process ID associated with the thread. + + True to throw on error. + The process ID. + + + + Get the thread ID. + + True to throw on error. + The thread ID. + + + + Cancel all synchronous IO for this thread. + + True to throw on error. + The NT status. + + + + Get a partial TEB for the thread. + + The partial TEB. + + + + Get the work on behalf ticket for a thread. + + True to throw on error. + The work on behalf ticket. + + + + Get the work on behalf ticket for a thread. + + The work on behalf ticket. + + + + Get the effective container ID for the thread. + + True to throw on error. + The effective container ID. + + + + Get priority boost disable value. + + True to throw on error. + True if priority base + + + + Set priority boost disable value. + + True to disable priority boost. + True to throw on error. + The NT status code. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Get thread ID + + + + + Get process ID + + + + + Get name of process. + + + + + Get or set the thread's current priority + + + + + Get or set the thread's base priority + + + + + Get or set the thread's affinity mask. + + + + + Get the thread's TEB base address. + + + + + Get or set whether thread is allowed to create dynamic code. + + Set can only be done on the current thread. + + + + Get whether thread is impersonating another token. + + Note that this tries to open the thread's token and return true if it could open. A return of false + might just indicate that the caller doesn't have permission to open the token, not that it's not impersonating. + + + + Get name of the thread. + + + + + Get or set a thread's description. + + + + + Get the Win32 start address for the thread. + + + + + Get the current Instruction Pointer for the thread. + + + + + Get last system call on the thread. + + + + + Get the thread's suspend count. + + + + + Get whether the thread has pending IO. + + + + + Get the creation time of the thread. + + + + + Get the exit time of the thread (0 if not exited) + + + + + Get the time spent in the kernel. + + + + + Get the time spent in user mode. + + + + + Get thread information. + + + + + Get thread exit status. + + + + + Get thread exit status. + + + + + Get the effective container ID. + + Should be called on the current thread psuedo handle. + + + + Get or set priority boost disabled. + + + + + Delegate for APC callbacks. + + Context parameter. + System argument 1. + System argument 2. + + + + Class to represent an NT Timer object + + + + + Create a timer object + + The path to the event + The root object for relative path names + The type of the timer. + The timer object + + + + Create a timer object + + The timer object attributes + The type of the event + The desired access for the timer + The timer object + + + + Create a timer object + + The timer object attributes + The type of the timer + The desired access for the timer + True to throw an exception on error. + The NT status code and object result. + + + + Create a timer object + + The path to the timer + The type of the timer + The timer object + + + + Create a timer object + + The type of the timer + The timer object + + + + Create a timer object + + The timer object + + + + Open a timer object + + The path to the timer + The root object for relative path names + The desired access for the timer + The timer object + + + + Open a timer object + + The path to the timer + The root object for relative path names + The desired access for the timer + True to throw on error. + The timer object + + + + Open a timer object + + The timer object attributes + The desired access for the timer + The timer object. + + + + Open a timer object + + The event object attributes + The desired access for the timer + True to throw an exception on error. + The NT status code and object result. + + + + Open a timer object + + The path to the timer + The root object for relative path names + The timer object + + + + Open a timer object + + The path to the timer + The timer object + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Set timer state. + + The due time for the timer. + Optional APC routine. + Optional APC context pointer. + True to resume. + Period time. + True throw on error. + The NT result and previous state. + + + + Set timer state. + + The due time for the timer. + Optional APC routine. + Optional APC context pointer. + True to resume. + Period time. + The previous state. + + + + Set timer state. + + The due time for the timer. + The previous state. + + + + Set timer state in milliseconds. + + The due time for the timer in milliseconds. + The previous state. + + + + Cancel the timer. + + True to throw on error. + The previous state. + + + + Cancel the timer. + + The previous state. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Remaining time for the timer. + + + + + Signal state of the timer. + + + + + Delegate for Timer APC callbacks. + + Context parameter. + Low value of timer. + High value of timer. + + + + Enumeration for querying group list using QueryGroups. + + + + + The default group list. + + + + + The restrict group list. + + + + + The capability group list. + + + + + The device group list. + + + + + The restricted device list. + + + + + Specify type of security attributes to query. + + + + + Local security attributes. + + + + + User security attributes. + + + + + Restricted user security attributes. + + + + + Device security attributes. + + + + + Restricted device security attributes. + + + + + Singleton device security attributes. + + + + + Data from the TSA://ProcUnique security attribute. + + + + + The index entry for the process. + + + + + The value for the entry. + + + + + Class representing a Token object + + + + + Duplicate token as specific type. + + The token type + The impersonation level us type is Impersonation + Open with the desired access. + The object attributes for the token. + The security descriptor for the token. + If true then throw an exception on error. + The new token + Thrown on error + + + + Duplicate token as specific type. + + The token type + The impersonation level us type is Impersonation + Open with the desired access. + The object attributes for the token. + The security descriptor for the token. + The new token + Thrown on error + + + + Duplicate token as specific type. + + The token type + The impersonation level us type is Impersonation + Open with the desired access. + If true then throw an exception on error. + The new token + Thrown on error + + + + Duplicate token as specific type + + The token type + The impersonation level us type is Impersonation + Open with the desired access. + The new token + Thrown on error + + + + Duplicate the token as the same token type. + + The new token. + Thrown on error + + + + Duplicate the token as the same token type. + + True to throw on error. + The new token. + Thrown on error + + + + Duplicate token as an impersonation token with a specific level + + The token impersonation level + The new token + Thrown on error + + + + Set a privilege state + + The name of the privilege (e.g. SeDebugPrivilege) + True to enable the privilege, false to disable + True to throw on error. + True if successfully changed the state of the privilege + + + + Set a privilege state + + The name of the privilege (e.g. SeDebugPrivilege) + True to enable the privilege, false to disable + True if successfully changed the state of the privilege + + + + Set a privilege state + + The luid of the privilege + The privilege attributes to set. + True to throw on error. + True if successfully changed the state of the privilege + + + + Set a privilege state + + The luid of the privilege + The privilege attributes to set. + True if successfully changed the state of the privilege + + + + Set a privilege state + + The value of the privilege + The privilege attributes to set. + True to throw on error. + True if successfully changed the state of the privilege + + + + Set a privilege state + + The value of the privilege + The privilege attributes to set. + True if successfully changed the state of the privilege + + + + Remove a privilege. + + The value of the privilege to remove. + True if successfully removed the privilege. + + + + Remove a privilege. + + The LUID of the privilege to remove. + True if successfully removed the privilege. + + + + Create a LowBox token from the current token. + + The package SID + The created LowBox token. + Thrown on error. + + + + Create a LowBox token from the current token. + + The package SID + List of handles to capture with the token + The created LowBox token. + Thrown on error. + + + + Create a LowBox token from the current token. + + The package SID + List of handles to capture with the token + List of capability sids to add. + Desired token access. + The created LowBox token. + Thrown on error. + + + + Filter a token to remove groups/privileges and add restricted SIDs + + Filter token flags + List of SIDs to disable + List of privileges to delete + List of restricted SIDs to add + The new token. + + + + Filter a token to remove groups/privileges and add restricted SIDs + + Filter token flags + List of SIDs to disable + List of privileges to delete + List of restricted SIDs to add + The new token. + + + + Filter a token to remove privileges and groups. + + Filter token flags + The new filtered token. + + + + Set the state of a group + + The group SID to set + The attributes to set + + + + Set the state of a group + + The group SID to set + The attributes to set + True to throw on error. + The NT status code. + + + + Set the state of a group + + The groups to set + The attributes to set + True to throw on error. + The NT status code. + + + + Set the state of a group + + The groups to set + The attributes to set + + + + Reset all groups to their default state. + + True to throw on error. + The NT status code. + + + + Reset all groups to their default state. + + + + + Set the session ID of a token + + The session ID + + + + Set a token's default DACL + + The DACL to set. + + + + Set the origin logon session ID. + + The origin logon session ID. + + + + Set virtualization enabled + + True to enable virtualization + True to throw on error. + + + + Set virtualization enabled + + True to enable virtualization + + + + Set UI Access flag. + + True to enable UI Access. + + + + Get the linked token + + True to throw on error. + The linked token + + + + Get the linked token + + The linked token + + + + Set the linked token. + + The token to set. + Requires SeCreateTokenPrivilege. + + + + Impersonate the token. + + An impersonation context, dispose to revert to process token + Thrown on error. + + + + Impersonate the token. + + Impersonation level for token. + An impersonation context, dispose to revert to process token + Thrown on error. + + + + Run a function under impersonation. + + The return type. + The callback to run. + The return value from the callback. + Thrown on error. + + + + Run an action under impersonation. + + The callback to run. + Thrown on error. + + + + Run a function under impersonation. + + The return type. + The callback to run. + Impersonation level for token. + The return value from the callback. + Thrown on error. + + + + Run an action under impersonation. + + The callback to run. + Impersonation level for token. + Thrown on error. + + + + Get a security attribute by name. + + Specify the type of security attributes to query. + The name of the security attribute, such as WIN://PKG + The expected type of the security attribute. If None return ignore type check. + The security attribute or null if not found. + + + + Get a security attribute by name. + + The name of the security attribute, such as WIN://PKG + The expected type of the security attribute. If None return ignore type check. + The security attribute or null if not found. + + + + Get a security attribute by name. + + The name of the security attribute, such as WIN://PKG + The security attribute or null if not found. + + + + Get token's security attributes + + Specify the type of security attributes to query. + Throw on error. + The security attributes. + + + + Get token's security attributes. + + Throw on error. + The security attributes. + + + + Get token's security attributes + + Specify the type of security attributes to query. + The security attributes. + + + + Get token's security attributes + + The security attributes. + + + + Set security attributes on the token. + + The list of attributes. + The operation to perform on the attribute. + Throw on error. + The array of attributes aand operations must be the same size. You need SeTcbPrivilege to call this API. + The NT Status code. + + + + Set security attributes on the token. + + The list of attributes. + The operation to perform on the attribute. + The array of attributes aand operations must be the same size. You need SeTcbPrivilege to call this API. + + + + Add security attributes to the token. + + The list of attributes. + Throw on error. + You need SeTcbPrivilege to call this API. + The NT Status code. + + + + Add security attributes to the token. + + The list of attributes. + You need SeTcbPrivilege to call this API. + + + + Replace security attributes in the token. + + The list of attributes. + Throw on error. + You need SeTcbPrivilege to call this API. + The NT Status code. + + + + Replace security attributes in the token. + + The list of attributes. + You need SeTcbPrivilege to call this API. + + + + Replace all security attributes in the token. + + The list of attributes. + Throw on error. + You need SeTcbPrivilege to call this API. + The NT Status code. + + + + Replace security attributes in the token. + + The list of attributes. + You need SeTcbPrivilege to call this API. + + + + Remove security attributes by name. + + The attribute names to remove. + Throw on error. + The NT Status code. + + + + Remove security attributes by name. + + The attribute names to remove. + + + + Set the token's integrity level. + + The level to set. + + + + Set the token's integrity level. + + The level to set. + + + + Get the state of a privilege. + + The privilege to get the state of. + The privilege, or null if it can't be found + Thrown if can't query privileges + + + + Get the state of a privilege. + + The privilege to get the state of. + The privilege, or null if it can't be found + True to throw on error + Thrown if can't query privileges + + + + Compare two tokens. + + The other token to compare. + True if tokens are equal. + + + + Get the App Policy for this token. + + The type of app policy. + The policy value. + + + + Disable No Child process policy on the token. + + Needs SeTcbPrivilege. + + + + Query a list of groups from the token. + + The type of groups to query. + True to throw on error. + The list of groups. + + + + Query a list of groups from the token. + + The type of groups to query. + The list of groups. + + + + Get the user from the token. + + True to throw on error. + The user group information. + + + + Do a privilege check on a token. + + The list of privileges to check. + True to require all necessary privileges. + True to throw on error. + The privilege check result. + + + + Do a privilege check on a token. + + The list of privileges to check. + True to require all necessary privileges. + The privilege check result. + + + + Do a privilege check on a token. + + The list of privileges to check. + True to require all necessary privileges. + True to throw on error. + The privilege check result. + + + + Do a privilege check on a token. + + The list of privileges to check. + True to require all necessary privileges. + The privilege check result. + + + + Do a privilege check for a single privilege. + + The privilege to check. + True if the privilege is enabled. + + + + Do a privilege check for a single privilege. + + The privilege to check. + True if the privilege is enabled. + + + + Get token privileges. + + True to throw on error. + The list of privileges. + + + + Perform a capability check for a token. + + The name of the capability to check. + True to throw on error. + True if the token has the capability. + + + + Perform a capability check for a token. + + The name of the capability to check. + True if the token has the capability. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Get the logon SID for the token. + + True to throw on error. + The logon SID. + + + + Get token user + + + + + Get token groups + + + + + Get list of enabled groups. + + + + + Get list of deny only groups. + + + + + Get count of groups in this token. + + + + + Get the authentication ID for the token + + + + + Get the token's type + + + + + Get the token's expiration time. + + + + + Get the Token's Id + + + + + Get the Token's modified Id. + + + + + Get/set the token's owner. + + + + + Get/set the token's primary group + + + + + Get/set the token's default DACL + + + + + Get the token's source + + + + + Get token's restricted sids + + + + + Get count of restricted sids + + + + + Get token's impersonation level + + + + + Get/set token's session ID + + + + + Get whether token has sandbox inert flag set. + + + + + Get/set token's origin + + + + + Get token's elevation type + + + + + Get whether token is elevated + + + + + Get whether token has restrictions + + + + + Get/set token UI access flag + + + + + Get or set whether virtualization is allowed + + + + + Get/set whether virtualization is enabled + + + + + Get whether token is restricted + + + + + Get whether token is write restricted. + + + + + Get whether token is filtered. + + + + + Get whether token is not low. + + + + + Token access flags. + + + + + Get whether token can be used for new child processes. + + + + + Get token capabilities. + + + + + Get or set the token mandatory policy + + + + + Get token logon sid + + + + + Get token's integrity level sid + + + + + Get token's App Container number. + + + + + Get or set token's integrity level. + + + + + Get token's security attributes + + + + + Get token's device claims. + + + + + Get token's user claims. + + + + + Get token's restricted user claims. + + Unsupported, at least on Windows 10. + + + + Get token's restricted user claims. + + Unsupported, at least on Windows 10. + + + + Get whether a token is an AppContainer token + + + + + Get whether the token is configured for low privilege. + + + + + Get token's AppContainer sid + + + + + Get token's AppContainer package name (if available). + Returns an empty string if not an AppContainer. + + + + + Get token's device groups + + + + + Get token's restricted device groups. + + + + + Get list of privileges for token + + The list of privileges + Thrown if can't query privileges + + + + Get full path to token + + + + + Get the token's trust level. Will be null if no trust level present. + + + + + Returns true if this is a pseudo token. + + + + + Get whether this token is a sandboxed token. + + + + + Query the token's full package name. + + + + + Query the token's appid. + + + + + Get the list of policies for this App. + + + + + Get the list of policies for this App in a table. + + + + + Get the BaseNamedObjects isolation prefix if enabled. + + + + + Get the token's package identity. + + + + + Get or set the token audit policy. + + Needs SeSecurityPrivilege to query and SeTcbPrivilege to set. + + + + Get or set if token is in a private namespace. + + + + + Get if the token is restricted. + + + + + Get the TSA://ProcUnique attribute. + + + + + Enable debug privilege for the current process token. + + True if set the debug privilege + + + + Enable a privilege of the effective token. + + The privilege to enable. + True if set the privilege. + + + + Open the process token of another process + + The process to open the token for + The desired access for the token + Attribute flags for the handle. + If true then throw an exception on error. + The opened token + Thrown if cannot open token + + + + Open the process token of another process + + The process to open the token for + The desired access for the token + Attribute flags for the handle. + The opened token + Thrown if cannot open token + + + + Open the process token of another process + + The process to open the token for + The desired access for the token + If true then throw an exception on error. + The opened token + Thrown if cannot open token + + + + Open the process token of another process + + The process to open the token for + The desired access for the token + The opened token + Thrown if cannot open token + + + + Open the process token of another process + + The process to open the token for + True to duplicate the token before returning + The opened token + Thrown if cannot open token + + + + Open the process token of another process + + The process to open the token for + True to duplicate the token before returning + The desired access for the token + The opened token + Thrown if cannot open token + + + + Open the process token of another process + + The process to open the token for + True to duplicate the token before returning + The desired access for the token + True to throw on error. + The opened token + Thrown if cannot open token + + + + Open the process token of another process + + The process to open the token for + The opened token + Thrown if cannot open token + + + + Open the process token of the current process + + The opened token + Thrown if cannot open token + + + + Open the process token of the current process + + True to duplicate the token before returning + The opened token + Thrown if cannot open token + + + + Open the process token of the current process + + True to duplicate the token before returning + The desired access for the token + The opened token + Thrown if cannot open token + + + + Open the process token of another process + + The id of the process to open the token for + True to duplicate the token before returning + The opened token + Thrown if cannot open token + + + + Open the process token of another process + + The id of the process to open the token for + True to duplicate the token before returning + The desired access for the token + The opened token + Thrown if cannot open token + + + + Open the process token of another process + + The id of the process to open the token for + True to duplicate the token before returning + The desired access for the token + True to throw on error. + The opened token + Thrown if cannot open token + + + + Open the process token of another process + + The id of the process to open the token for + The opened token + Thrown if cannot open token + + + + Open the thread token + + The thread to open the token for + Open the token as the current identify rather than the impersonated one + The desired access for the token + If true then throw an exception on error. + The opened token result + Thrown if cannot open token + + + + Open the thread token + + The thread to open the token for + Open the token as the current identify rather than the impersonated one + True to duplicate the token before returning. + The desired access for the token + True to throw on error. + The opened token, if no token return null + Thrown if cannot open token + + + + Open the thread token + + The thread to open the token for + Open the token as the current identify rather than the impersonated one + True to duplicate the token before returning + The desired access for the token + The opened token, if no token return null + Thrown if cannot open token + + + + Open the thread token + + The ID of the thread to open the token for + Open the token as the current identify rather than the impersonated one + True to duplicate the token before returning + The desired access for the token + The opened token, if no token return null + Thrown if cannot open token + + + + Open the thread token + + The thread to open the token for + Open the token as the current identify rather than the impersonated one + True to duplicate the token before returning + The opened token, if no token return null + Thrown if cannot open token + + + + Open the thread token + + The thread to open the token for + The opened token, if no token return null + Thrown if cannot open token + + + + Open the current thread token + + True to duplicate the token before returning + The opened token, if no token return null + Thrown if cannot open token + + + + Open the current thread token + + The opened token, if no token return null + Thrown if cannot open token + + + + Open the effective token, thread if available or process + + The thread to open the token for + True to duplicate the token before returning + Desired access for token. + Open token as self. + True to throw on error. + The opened token + Thrown if cannot open token + + + + Open the effective token, thread if available or process + + The thread to open the token for + True to duplicate the token before returning + Desired access for token. + Open token as self. + The opened token + Thrown if cannot open token + + + + Open the effective token, thread if available or process + + The thread to open the token for + True to duplicate the token before returning + True to throw on error. + The opened token + Thrown if cannot open token + + + + Open the effective token, thread if available or process + + The thread to open the token for + True to duplicate the token before returning + The opened token + Thrown if cannot open token + + + + Open the current effective token, thread if available or process + + The opened token + Thrown if cannot open token + + + + Open the current effective token, thread if available or process + + True to throw on error. + The opened token + Thrown if cannot open token + + + + Create a token. Needs SeCreateTokenPrivilege. + + The desired access for the token. + Object attributes, used to pass SecurityDescriptor or SQOS for impersonation token. + The type of token. + The authentication ID for the token. + The expiration time for the token. + The user for the token. + The groups for the token. + The privileges for the token. + The owner of the token. + The primary group for the token. + The default dacl for the token. + The source for the token. + Optional device attributes. + Optional device groups. + Optional mandatory policy. + Optional user attributes. + True to throw on error. + The token object. + + + + Create a token. Needs SeCreateTokenPrivilege. + + The desired access for the token. + Object attributes, used to pass SecurityDescriptor or SQOS for impersonation token. + The type of token. + The authentication ID for the token. + The expiration time for the token. + The user for the token. + The groups for the token. + The privileges for the token. + The owner of the token. + The primary group for the token. + The default dacl for the token. + The source for the token. + Optional device attributes. + Optional device groups. + Optional mandatory policy. + Optional user attributes. + The token object. + + + + Create a token. Needs SeCreateTokenPrivilege. + + The desired access for the token. + Object attributes, used to pass SecurityDescriptor or SQOS for impersonation token. + The type of token. + The authentication ID for the token. + The expiration time for the token. + The user for the token. + The groups for the token. + The privileges for the token. + The owner of the token. + The primary group for the token. + The default dacl for the token. + The source for the token. + True to throw on error. + The token object. + + + + Create a token. Needs SeCreateTokenPrivilege. + + The desired access for the token. + Object attributes, used to pass SecurityDescriptor or SQOS for impersonation token. + The type of token. + The authentication ID for the token. + The expiration time for the token. + The user for the token. + The groups for the token. + The privileges for the token. + The owner of the token. + The primary group for the token. + The default dacl for the token. + The source for the token. + The token object. + + + + Create a token. Needs SeCreateTokenPrivilege. + + The user for the token. + The groups for the token. + The privileges for the token. + The token object. + + + + Create a token. Needs SeCreateTokenPrivilege. + + The user for the token. + The token object. + + + + Impersonate another process' token + + The impersonation level + Process ID of the other process + An impersonation context, dispose to revert to process token + + + + Get the current user. + + True to throw on error. + The current user. + + + + Do a single privilege check on the effective token. + + The privilege to check. + True to throw on error. + True if the privilege is enabled. + + + + Do a single privilege check on the effective token. + + The privilege to check. + True if the privilege is enabled. + + + + Get the current user. + + + + + Get authentication ID for LOCAL SYSTEM + + + + + Get authentication ID for LOCAL SERVICE + + + + + Get authentication ID for NETWORK SERVICE + + + + + Get authentication ID for ANONYMOUS + + + + + Get a pseudo handle to the primary token. + + Only useful for querying information. + + + + Get a pseudo handle to the impersonation token. + + Only useful for querying information. + + + + Get a pseudo handle to the effective token. + + Only useful for querying information. + + + + Static methods to interact with the ETW subsystem. + + + + + Issue a trace control request. + + The trace control function code. + The optional input buffer. + The optional output buffer. + True to throw on error. + The output length. + + + + Issue a trace control request. + + The trace control function code. + The optional input buffer. + The optional output buffer. + The output length. + + + + Access rights for Trace + + + + + The security trace provider GUID. + + + + + The default security GUID. + + + + + Class to represent a kernel transaction. + + + + + Create a transaction + + The object attributes + Desired access for the handle + True to throw an exception on error. + Transaction creation options. + Optional description of the transaction. + Isolation flags. + Isolation level. + Optional transaction timeout. + Optional transaction manager. + Optional UOW. + The NT status code and object result. + + + + Create a transaction + + The object attributes + Desired access for the handle + Transaction creation options. + Optional description of the transaction. + Isolation flags. + Isolation level. + Optional transaction timeout. + Optional transaction manager. + Optional UOW. + The NT status code and object result. + + + + Create a transaction + + The object attributes + Desired access for the handle + True to throw an exception on error. + The NT status code and object result. + + + + Create a transaction + + The object attributes + Desired access for the handle + The opened transaction + + + + Create a transaction + + The path of the transaction + The root if path is relative + Desired access for the handle + Transaction creation options. + Optional description of the transaction. + Isolation flags. + Isolation level. + Optional transaction timeout. + Optional transaction manager. + Optional UOW. + True to throw an exception on error. + The opened transaction + + + + Create a transaction + + The path of the transaction + The root if path is relative + Desired access for the handle + Transaction creation options. + Optional description of the transaction. + Isolation flags. + Isolation level. + Optional transaction timeout. + Optional transaction manager. + Optional UOW. + The opened transaction + + + + Create a transaction + + The path of the transaction + The root if path is relative + Desired access for the handle + True to throw an exception on error. + The opened transaction + + + + Create a transaction + + The path of the transaction + The root if path is relative + Desired access for the handle + The opened transaction + + + + Create a transaction + + The path of the transaction + The root if path is relative + The opened transaction + + + + Create a transaction + + The path of the transaction + The opened transaction + + + + Create a transaction + + The opened transaction + + + + Open a transaction object. + + The object attributes for the object + The desired access for the object + Optional transaction manager. + UOW Guid. + True to throw an exception on error. + The NT status code and object result. + + + + Open a transaction object. + + The object attributes for the object + The desired access for the object + Optional transaction manager. + UOW Guid. + The object result. + + + + Open a transaction object. + + The desired access for the object + Optional transaction manager. + UOW Guid. + The object result. + + + + Open a transaction object. + + Optional transaction manager. + UOW Guid. + The object result. + + + + Open a transaction object. + + UOW Guid. + The object result. + + + + Get a list of all accessible transaction objects. + + The object attributes for the object + Optional transaction manager. + The access for the transaction objects. + The list of all accessible transaction objects. + + + + Get a list of all accessible transaction objects. + + The access for the transaction objects. + The list of all accessible transaction objects. + + + + Get a list of all accessible transaction objects. + + The list of all accessible transaction objects. + + + + Get the current thread's transaction. + + + + + Commit the transaction + + Wait for transaction to commit. + True to throw an exception on error. + The NT status code. + + + + Commit the transaction + + Wait for transaction to commit. + + + + Commit the transaction + + + + + Rollback the transaction + + Wait for transaction to rollback. + True to throw an exception on error. + The NT status code. + + + + Rollback the transaction + + Wait for transaction to rollback. + + + + Rollback the transaction + + + + + Enable the transaction for anything in the current thread context. + + The transaction context. This should be disposed to disable the transaction. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Get the ID of the transaction. + + + + + Get the Unit of Work ID of the transaction. Same as transaction ID. + + + + + Get the state of the transaction. + + + + + Get the outcome of the transaction. + + + + + Get or set the transaction description. + + + + + Get or set the transaction isolation level. + + + + + Get or set the transaction isolation flags. + + + + + Get or set transaction timeout. + + + + + Query list of enlistments for this transaction. + + + + + Query the superior enlistment for this transaction. + + + + + Class to represent a kernel transaction manager. + + + + + Create a new transaction manager object. + + The object attributes + Desired access for the handle + True to throw an exception on error. + The CLFS log file to create if not volatile. + Creation options flags. + Commit strength, set to 0. + The NT status code and object result. + + + + Create a new transaction manager object. + + The object attributes + Desired access for the handle + The CLFS log file to create if not volatile. + Creation options flags. + Commit strength, set to 0. + The object result. + + + + Create a new transaction manager object. + + The path to the transaction manager. + The root if path is relative. + Desired access for the handle + The CLFS log file to create if not volatile. + Creation options flags. + True to throw an exception on error. + The object result. + + + + Create a new transaction manager object. + + The path to the transaction manager. + The root if path is relative. + Desired access for the handle + The CLFS log file to create if not volatile. + Creation options flags. + The object result. + + + + Create a new volatile transaction manager object. + + The path to the transaction manager. + The root if path is relative. + Desired access for the handle + The object result. + + + + Create a new volatile transaction manager object. + + The path to the transaction manager. + The root if path is relative. + The object result. + + + + Create a new volatile transaction manager object. + + The path to the transaction manager. + The object result. + + + + Create a new volatile transaction manager object. + + The object result. + + + + Open a existing transaction manager object. + + The object attributes + Desired access for the handle + The CLFS log file to create if not volatile. + Identity of the transaction manager. + Open options flags. + True to throw an exception on error. + The NT status code and object result. + + + + Open a existing transaction manager object. + + The object attributes + Desired access for the handle + Identity of the transaction manager. + The CLFS log file to create if not volatile. + Open options flags. + The object result. + + + + Open an existing transaction manager object. + + The path to the transaction manager. + The root if path is relative. + Desired access for the handle + Identity of the transaction manager. + The CLFS log file to create if not volatile. + Open options flags. + True to throw an exception on error. + The object result. + + + + Open an existing transaction manager object. + + The path to the transaction manager. + The root if path is relative. + Desired access for the handle + Identity of the transaction manager. + The CLFS log file to create if not volatile. + Open options flags. + The object result. + + + + Open an existing transaction manager object. + + The path to the transaction manager. + The root if path is relative. + Desired access for the handle + The object result. + + + + Open an existing transaction manager object. + + The path to the transaction manager. + The root if path is relative. + The object result. + + + + Open an existing transaction manager object. + + The path to the transaction manager. + The object result. + + + + Rename transaction manager object. The new identity can be queried with the Identity property on the object. + + The path to the transaction log file. + The existing transaction manager identity. + True to throw an exception on error. + The NT status code + + + + Get a list of all accessible transaction manager objects. + + Object attributes for opened handle. + The access for the transaction manager objects. + Open options. + The list of all accessible transaction manager objects. + + + + Get a list of all accessible transaction manager objects. + + The access for the transaction manager objects. + The list of all accessible transaction manager objects. + + + + Get a list of all accessible transaction manager objects. + + The list of all accessible transaction manager objects. + + + + Get the Transaction Manager identity. + + + + + Get the Transaction Manager virtual clock. + + + + + Get the Transaction Manager log identity. + + + + + Get the Transaction Manager log path. + + + + + Get Transaction Manager last recovered Log Sequence Number. + + + + + Get whether the transaction manager is volatile. + + + + + Rename transaction manager object. The new identity can be queried with the Identity property on the object. + + True to throw an exception on error. + The NT status code + + + + Rename transaction manager object. The new identity can be queried with the Identity property on the object. + + + + + Recover the transaction manager. + + True to throw an exception on error. + The NT status code + + + + Recover the transaction manager. + + + + + Rollforward the transaction manager. + + Optional virtual block value to rollforward to. + True to throw an exception on error. + The NT status code + + + + Rollforward the transaction manager. + + True to throw an exception on error. + The NT status code + + + + Rollforward the transaction manager. + + Optional virtual block value to rollforward to. + + + + Rollforward the transaction manager. + + + + + Create a resource manager for this transaction manager. + + The resource manager GUID to assign. + Creation options. + True to throw on error. + The resource manager and NT status. + + + + Create a resource manager for this transaction manager. + + The resource manager GUID to assign. + Creation options. + The resource manager . + + + + Create a resource manager for this transaction manager. + + The resource manager GUID to assign. + The resource manager. + + + + Create a volatile resource manager for this transaction manager with a auto-generated GUID. + + The resource manager. + + + + Method to query information for this object type. + + The information class. + The buffer to return data in. + Return length from the query. + The NT status code for the query. + + + + Method to set information for this object type. + + The information class. + The buffer to set data from. + The NT status code for the set. + + + + Query the information class as an object. + + The information class. + True to throw on error. + The information class as an object. + + + + Get a list of all accessible transaction objects owned by this transaction manager. + + The access for the transaction objects. + The list of all accessible transaction objects. + + + + Get a list of all accessible transaction objects owned by this transaction manager. + + The list of all accessible transaction objects. + + + + Get a list of all accessible resource manager objects owned by this transaction manager. + + Object attributes for opened handle. + The access for the resource manager objects. + The list of all accessible resource manager objects. + + + + Get a list of all accessible resource manager objects owned by this transaction manager. + + The access for the resource manager objects. + The list of all accessible resource manager objects. + + + + Get a list of all accessible resource manager objects owned by this transaction manager. + + The list of all accessible resource manager objects. + + + + General utilities for the kernel transaction manager. + + + + + Enumerate transaction objects of a specific type from a root handle. + + The root handle to enumearate from. + The type of object to query. + The list of enumerated transaction object GUIDs. + + + + Enumerate all transaction objects of a specific type. + + The type of object to query. + The list of enumerated transaction object GUIDs. + + + + Freeze all transactions. Needs SeRestorePrivilege. + + The freeze wait timeout. + The thaw wait timeout. + Throw exception on error. + The NT status code. + + + + Freeze all transactions. Needs SeRestorePrivilege. + + The freeze wait timeout. + The thaw wait timeout. + + + + Thaw transactions. Needs SeRestorePrivilege. + + Throw exception on error. + The NT status code. + + + + Thaw transactions. Needs SeRestorePrivilege. + + The NT status code. + + + + Class representing an NT object type + + + + + The name of the type + + + + + The mapping from generic to specific object rights + + + + + The valid access mask + + + + + True if the object needs security even if unnamed + + + + + Total number of objects (when originally retrieved) + + + + + Total number of handles (when originally retrieved) + + + + + Total paged pool usage (when originally retrieved) + + + + + Total non-paged pool usage (when originally retrieved) + + + + + Total name pool usage (when originally retrieved) + + + + + Total handle table usage (when originally retrieved) + + + + + Maximum number of objects (when originally retrieved) + + + + + Maximum number of handles (when originally retrieved) + + + + + Maximum paged pool usage (when originally retrieved) + + + + + Maximum non-paged pool usage (when originally retrieved) + + + + + Maximum name pool usage (when originally retrieved) + + + + + Maximum handle table usage (when originally retrieved) + + + + + The attributes flags which are invalid + + + + + Indicates whether handle count is mainted + + + + + Indicates the type list maintained + + + + + Indicates the type of pool used in allocations + + + + + Current paged pool usage + + + + + Current non-pages pool usage + + + + + Type Index + + + + + Generic Read Access rights + + + + + Generic Read Access rights + + + + + Generic Read Access rights + + + + + Generic Read Access rights + + + + + Get the maximum access mask for the type's default mandatory access policy. + + + + + Get implemented object type for this NT type. + + + + + Get the access rights enumerated type for this NT type. + + + + + Get the access rights enumerated type for this NT type if it's a container. + + There's only one known type at the moment which uses this, File. + + + + Can this type of open be opened by name + + + + + Get the valid access rights for this Type. + + + + + Get the valid read access rights for this Type. + + + + + Get the valid write access rights for this Type. + + + + + Get the valid execute access rights for this Type. + + + + + Get the valid all access rights for this Type. + + + + + Get the valid mandatory access rights for this Type. + + + + + Get defined query information classes for a type. + + + + + Get defined set information classes for a type. + + + + + Open this NT type by name (if CanOpen is true) + + The object attributes to open. + Desired access when opening. + True to throw an exception on error. + The NT status code and object result. + + + + Open this NT type by name (if CanOpen is true) + + The name of the object to open. + The root object for opening, if name is relative + Desired access when opening. + The created object. + Thrown on error + + + + Open this NT type by name (if CanOpen is true) + + The name of the object to open. + The root object for opening, if name is relative + The created object. + Thrown on error + + + + Open this NT type by name (if CanOpen is true) + + The name of the object to open. + The created object. + Thrown on error + + + + Get object from an existing handle. + + The existing handle. + The new object. + + + + Get object from an existing handle. + + The existing handle. + True to own the handle. + The new object. + + + + Get object from an existing handle. + + The existing handle. + The call doesn't own the handle. The returned object can't be used to close the handle. + The new object. + + + + Convert an enumerable access rights to a string + + True to use the container access type. + The granted access mask. + True to try and convert to generic rights where possible. + Set to true to use SDK style names. + The string format of the access rights + + + + Convert an enumerable access rights to a string + + True to use the container access type. + The granted access mask. + True to try and convert to generic rights where possible. + The string format of the access rights + + + + Convert an enumerable access rights to a string + + The granted access mask. + True to try and convert to generic rights where possible. + The string format of the access rights + + + + Convert an enumerable access rights to a string + + The granted access mask. + The string format of the access rights + + + + Checks if an access mask represents a read permission on this type + + The access mask to check + True if it has read permissions + + + + Checks if an access mask represents a write permission on this type + + The access mask to check + True if it has write permissions + + + + Checks if an access mask represents a execute permission on this type + + The access mask to check + True if it has execute permissions + + + + Checks if an access mask represents a full permission on this type + + The access mask to check + True if it has full permissions + + + + Map generic access rights to specific access rights for this type + + The access mask to map + The mapped access mask + + + + Unmap specific access rights to generic access rights for this type + + The access mask to unmap + The unmapped access mask + + + + Checks if an access mask is valid for access of this object type. + + The access mask to check + True if it valid access + + + + Get the maximum access mask for the type's default mandatory access policy. + + The allowed access mask for the type with the default policy. + + + + Overridden ToString method. + + Returns the type as a string. + + + + Create an NtType object by name. + + The name of the NT type. + This will always return a cached type. + Invalid NT type name. + + + + Get a type object by index + + The index + The object type, null if not found + + + + Get a type object by index + + The index, must be >= 0. + True to get a cached type, false to return a live types. + The object type, null if not found + + + + Get a type object by name + + The name of the type + True to create a fake type if needed. + True to get a cached type, false to return a live types. + The object type, null if not found + + + + Get a type object by name + + The name of the type + True to create a fake type if needed. + The object type, null if not found + + + + Get a type object by name + + The name of the type + The object type, null if not found + + + + Get a type object by a kernel handle. + + The kernel handle. + True to create a fake type if needed. + The object type, null if not found + + + + Get an NT type based on the implemented .NET type. + + A type derived from NtObject + True to get a cached type, false to return a live types. + The NtType represented by this .NET type. Note if a type is represented with multiple + names only return the first one we find. + Thrown if there exists no .NET type which maps to this type. + + + + Get an NT type based on the implemented .NET type. + + A type derived from NtObject + The NtType represented by this .NET type. Note if a type is represented with multiple + names only return the first one we find. + Thrown if there exists no .NET type which maps to this type. + + + + Get a fake type object. This can be used in access checking for operations which need an NtType object + but there's no real NT object. + + The name of the fake type. Informational only. + The GENERIC_MAPPING for security checking. + The access rights enumeration type. + The access rights enumeration type of the object is a container. + The mandatory label policy. + The fake NT type object. + + + + Get a fake type object. This can be used in access checking for operations which need an NtType object + but there's no real NT object. + + The name of the fake type. Informational only. + The GENERIC_MAPPING for security checking. + The access rights enumeration type. + The access rights enumeration type of the object is a container. + The fake NT type object. + + + + Get a fake type object. This can be used in access checking for operations which need an NtType object + but there's no real NT object. + + The name of the fake type. Informational only. + The GENERIC_MAPPING for security checking. + The access rights enumeration type. + The fake NT type object. + + + + Get a fake type object. This can be used in access checking for operations which need an NtType object + but there's no real NT object. + + The name of the fake type. Informational only. + The GENERIC_READ for security checking. + The GENERIC_WRITE for security checking. + The GENERIC_EXECUTE for security checking. + The GENERIC_ALL for security checking. + The access rights enumeration type. + The access rights enumeration type of the object is a container. + The fake NT type object. + + + + Get a fake type object. This can be used in access checking for operations which need an NtType object + but there's no real NT object. + + The name of the fake type. Informational only. + The GENERIC_READ for security checking. + The GENERIC_WRITE for security checking. + The GENERIC_EXECUTE for security checking. + The GENERIC_ALL for security checking. + The access rights enumeration type. + The fake NT type object. + + + + Get a list of all types. + + The list of types. + + + + Get a list of all types. + + True to get the cached list of types, false to return a live list of all types. + True to include fake types such as WNF or Service + The list of types. + + + + Get a list of all types. + + True to get the cached list of types, false to return a live list of all types. + The list of types. + + + + Get the NT type from a path. + + The object manager path. + Optional root object. + The NT type. Returns null if not available or unknown. + + + + Converted user process parameters. + + + + + Static class to access virtual memory functions of NT. + + + + + Query section name, + + The process to query from. + The base address to query. + True to throw on error + The result of the query. + + + + Query section name, + + The process to query from. + The base address to query. + The result of the query. + + + + Query memory information for a process. + + The process to query. + The base address. + True to throw on error. + The memory information for the region. + Thrown on error. + + + + Query memory information for a process. + + The process to query. + The base address. + The memory information for the region. + Thrown on error. + + + + Query all memory information regions in process memory. + + The list of memory regions. + Thrown on error. + + + + Query a list of mapped files in a process. + + The process to query. + The list of mapped images + Thrown on error. + + + + Read memory from a process. + + The process to read from. + The base address in the process. + The length to read. + The array of bytes read from the location. + If a read is short then returns fewer bytes than requested. + Thrown on error. + + + + Write memory to a process. + + The process to write to. + The base address in the process. + The data to write. + The number of bytes written to the location + Thrown on error. + + + + Read structured memory from a process. + + The process to read from. + The base address in the process. + The read structure. + Thrown on error. + Type of structure to read. + + + + Write structured memory to a process. + + The process to write to. + The base address in the process. + The data to write. + Thrown on error. + Type of structure to write. + + + + Read structured memory array from a process. + + The process to read from. + The base address in the process. + The number of elements in the array to read. + The read structure. + Thrown on error. + Type of structure to read. + + + + Write structured memory array to a process. + + The process to write to. + The base address in the process. + The data array to write. + Thrown on error. + Type of structure to write. + + + + Allocate virtual memory in a process. + + The process to allocate in. + Optional base address, if 0 will automatically select a base. + The region size to allocate. + The type of allocation. + The allocation protection. + True to throw on error. + The address of the allocated region. + Thrown on error. + + + + Allocate virtual memory in a process. + + The process to allocate in. + Optional base address, if 0 will automatically select a base. + The region size to allocate. + The type of allocation. + The allocation protection. + The address of the allocated region. + Thrown on error. + + + + Free virtual emmory in a process. + + The process to free in. + Base address of region to free + The size of the region. + The type to free. + Thrown on error. + + + + Free virtual emmory in a process. + + The process to free in. + Base address of region to free + The size of the region. + The type to free. + True to throw on error. + Thrown on error. + + + + Change protection on a region of memory. + + The process to change memory protection + The base address + The size of the memory region. + The new protection type. + The old protection for the region. + Thrown on error. + + + + Change protection on a region of memory. + + The process to change memory protection + The base address + The size of the memory region. + The new protection type. + True to throw on error. + The old protection for the region. + Thrown on error. + + + + Query working set information for an address in a process. + + The process to query. + The base address to query. + True to throw on error + The working set information. + Thrown on error. + + + + Query working set information for an address in a process. + + The process to query. + The base address to query. + The working set information. + Thrown on error. + + + + Query image information for an address in a process. + + The process to query. + The base address to query. + True to throw on error + The image information. + Thrown on error. + + + + Query image information for an address in a process. + + The process to query. + The base address to query. + The image information. + Thrown on error. + + + + Determine if two addresses are the same mapped file. + + The first address. + The second address. + True to throw on error. + True if the mapped memory is the same file. + + + + Determine if two addresses are the same mapped file. + + The first address. + The second address. + True if the mapped memory is the same file. + + + + Flush instruction cache. + + The process to flush the cache in. + The address to flush. + The number of bytes to flush/ + True to throw on error. + The NT status code. + + + + Flush instruction cache. + + The process to flush the cache in. + The address to flush. + The number of bytes to flush/ + + + + Native Wait methods. + + + + + Wait on a single object to become signaled + + The object to wait on + Whether the thread should be alertable + The timeout to wait for + The success status of the wait, such as STATUS_SUCCESS or STATUS_TIMEOUT + + + + Wait on multiple objects to become signaled + + The objects to wait on + Whether the thread should be alerable + True to wait for all objects to be signaled + The timeout to wait for + The success status of the wait, such as STATUS_WAIT_OBJECT_0 or STATUS_TIMEOUT + + + + Signal an object then wait for another to become signaled. + + The object to signal + The object to wait on. + Whether the thread should be alertable + The timeout to wait for + The success status of the wait, such as STATUS_SUCCESS or STATUS_TIMEOUT + + + + A .NET wait handle to use for interop. + + + + + Create a .NET wait handle from an object. + + The object to create the wait handle on + + + + Wait asynchronously for the handle to be signaled. + + Timeout in milliseconds. + Cancellation token for wait. + A task to wait on. If result is true then event was signaled. + + + + Wait asynchronously for the handle to be signaled. + + Timeout in milliseconds. + A task to wait on. If result is true then event was signaled. + + + + Wait asynchronously for the handle to be signaled. + Will wait an infinite time. + + A task to wait on. + + + + Class to represent an NT timeout + + + + + Get a timeout which will wait indefinitely. + + + + + Get a relative timeout in seconds. + + The number of seconds to wait. + An instance of the timeout class. + + + + Get a relative timeout in milliseconds. + + The number of milliseconds to wait. + An instance of the timeout class. + + + + Get an absolute time out from system start. + + The absolute time to wait until. + An instance of the timeout class. + + + + Get a relative time out from the current time. + + The relative time to wait in units of 100ns. + An instance of the timeout class. + + + + Create an absolute wait timeout from a datetime. + + The time for the timeout to complete. + An instance of the timeout class. + + + + The timeout as a long. + + + + + Overridden ToString method. + + The timeout as a string. + + + + Well-known IO Control codes. + + + + + Convert a control code to a known name. + + The control code. + The known name, or an empty string. + + + + Get a list of known control codes. + + The list of known control codes. + + + + Get a list of known control codes. + + The control code. + Thrown if can't find name. + + + + Structure to represent a Window. + + + + + The Window Handle. + + + + + Get Process ID for the Window. + + + + + Get the Thread ID for the Window. + + + + + Get the real owner Process ID of the Window. + + + + + Get the class name for the Window. + + + + + Send a message to the Window, Unicode. + + The message to send. + The WPARAM. + The LPARAM. + The send result. + + + + Send a message to the Window, ANSI. + + The message to send. + The WPARAM. + The LPARAM. + The send result. + + + + Post a message to the Window, Unicode. + + The message to send. + The WPARAM. + The LPARAM. + True to throw on error. + The send result. + + + + Post a message to the Window, Unicode. + + The message to send. + The WPARAM. + The LPARAM. + The send result. + + + + Send a message to the Window, ANSI. + + The message to send. + The WPARAM. + The LPARAM. + True to throw on error. + The send result. + + + + Send a message to the Window, ANSI. + + The message to send. + The WPARAM. + The LPARAM. + The send result. + + + + Constructor. + + Window handle. + + + + Constructor. + + Window handle. + + + + Get the NULL window handle. + + + + + Get the desktop window. + + + + + Get the broadcast window. + + + + + Get all Top Level windows. + + + + + Enumerate window handles. + + Desktop containing the Windows. Optional. + The parent Window. Optional. + True to enumerate child Windows. + Hide immersive Windows. + The thread ID that owns the Window. + True to throw on error. + The enumerated Window Handles. + + + + Enumerate window handles. + + Desktop containing the Windows. Optional. + The parent Window. Optional. + True to enumerate child Windows. + Hide immersive Windows. + The thread ID that owns the Window. + The enumerated Window Handles. + + + + Class which represents a window station object. + + + + + Open a window station by name. + + The object attributes for opening. + Desired access. + True to throw on error. + The instance of the window station + Thrown on error. + + + + Open a window station by name. + + The object attributes for opening. + Desired access. + The instance of the window station + Thrown on error. + + + + Open a window station by name. + + The name of the window station + Optional root object + The instance of the window station + Thrown on error. + + + + Open a window station by name. + + + The instance of the window station + Thrown on error. + + + + Create a Window Station by name. + + Object attributes for the Window Station. + Desired access for the Window Station. + Path to Keyboard DLL e.g. kbusa.dll. + Locale ID, e.g. 0x4090409. + Language ID e.g. 0x409. + True to throw on error. + The Window Station. + + + + Create a Window Station by name. + + Object attributes for the Window Station. + Desired access for the Window Station. + Path to Keyboard DLL e.g. kbusa.dll. + Locale ID, e.g. 0x4090409. + Language ID e.g. 0x409. + The Window Station. + + + + Create a Window Station by name. + + The name of the Window Station. + The Window Station. + + + + Get a list of desktops for this Window Station. + + + + + Enumerate name of Window Stations in current session. + + + + + Get a list of accessible Window Station objects. + + The desired access for the Window Stations. + The list of desktops. + + + + Get a list of accessible Window Station objects. + + The list of desktops. + + + + Get a list of accessible desktop objects. + + The desired access for the desktops. + The list of desktops. + + + + Get a list of accessible desktop objects. + + The list of desktops. + + + + Close the Window Stations. This is different from normal Close as it destroys the Window Station. + + True to throw on error. + The NT status. + + + + Set the Window Station for the Process. + + True to throw on error. + The NT status. + + + + Open the current process Window Station. + + True to throw on error. + The instance of the window station + The returned object is no owned by the caller. + Thrown on error. + + + + Open the current process Window Station. + + + + + Get the Window Station directory for a session. + + The session ID. + The path to the Window Station directory. + + + + Get the Window Station directory for the current session. + + The path to the Window Station directory. + + + + NT WNF object. + + + + + Get the generic mapping for a + + + + + Fake NT type name for WNF. + + + + + Create a new WNF state name. + + The lifetime of the name. + The scope of the data. + Whether to persist data. + Optional type ID. + Maximum state size. + Mandatory security descriptor. + True to throw on error. + The created object. + + + + Kernel derived key which is used to mask the state name. + + + + + Create a new WNF state name. + + The lifetime of the name. + The scope of the data. + Whether to persist data. + Optional type ID. + Maximum state size. + Mandatory security descriptor. + The created object. + + + + Open a state name. Doesn't check if it exists. + + The statename to open. + True to check state name exists. + True to throw on error. + The created object. + + + + Open a state name. Doesn't check if it exists. + + The statename to open. + True to check state name exists. + The created object. + + + + Open a state name. Doesn't check if it exists. + + The statename to open. + The created object. + + + + Open a state name. Doesn't check if it exists. + + The name to open. + True to check state name exists. + The created object. + + + + Open a state name. Doesn't check if it exists. + + The name to open. + The created object. + + + + Get registered notifications. + + The list of registered notifications. + + + + Get the state name for this WNF entry. + + + + + The state name decoded. + + + + + Get the associated lifetime for the state name. + + + + + Version of the WNF state name. + + + + + Data scope of WNF state name. + + + + + Is WNF state name persistent. + + + + + Unique identifier of WNF state name, + + + + + Get if the state has subscribers. + + + + + Get the security descriptor for this object, if known. + + + + + Get a name for the WNF notification. + + + + + Query state data for the WNF object. + + Optional Type ID. + Optional explicit scope. + True to throw on error. + The state data. + + + + Query state data for the WNF object. + + Optional Type ID. + Optional explicit scope. + The state data. + + + + Query state data for the WNF object. + + The state data. + + + + Update state data for the WNF object. + + The data to set. + Optional Type ID. + Optional explicit scope. + Optional matching changestamp. + True to throw on error. + The status from the update. + + + + Update state data for the WNF object. + + The data to set. + + + + Delete the state data for the WNF object. + + Optional explicit scope. + True to throw on error. + The NT status code. + + + + Delete the state data for the WNF object. + + Optional explicit scope. + + + + Delete the state data for the WNF object. + + + + + Overridden ToString method. + + The string representation. + + + + Get dictionary of well known WNF state names. + + This was dumped from perf_nt_c.dll 10.0.18362.1 using https://github.com/ionescu007/wnfun. + + + + Get the state name to name mappings. + + + + + Get the name to state name mappings. + + + + + Get the name of a state name if known. + + The state name. + The name of the state name, or null if unknown. + + + + Flags for OBJECT_ATTRIBUTES + + + + + None + + + + + Handle is protected from closing. + + + + + The handle created can be inherited + + + + + Audit handle close. + + + + + The object created is marked as permanent + + + + + The object must be created exclusively + + + + + The object name lookup should be done case insensitive + + + + + Open the object if it already exists + + + + + Open the object as a link + + + + + Create as a kernel handle (not used in user-mode) + + + + + Force an access check to occur (not used in user-mode) + + + + + Ignore impersonated device map when looking up object + + + + + Fail if a reparse is encountered + + + + + A class which represents OBJECT_ATTRIBUTES + + + + + Constructor. Sets flags to None + + + + + Constructor + + The name of the object + Attribute flags + + + + Constructor + + The name of the object + Attribute flags + A root object to lookup a relative path + + + + Constructor + + Attribute flags + + + + Constructor + + The name of the object + + + + Constructor + + An object ID. + The object attribute flags. + An optional root handle, can be SafeKernelObjectHandle.Null. Will duplicate the handle. + An optional security quality of service. + An optional security descriptor. + + + + Constructor + + The object name, can be null. + The object attribute flags. + An optional root handle, can be SafeKernelObjectHandle.Null. Will duplicate the handle. + An optional security quality of service. + An optional security descriptor. + + + + Constructor + + The object name, can be null. + The object attribute flags. + An optional root handle, Will duplicate the handle. + An optional security quality of service. + An optional security descriptor. + + + + Create an Object Attributes structure with a raw name. Useful for Object ID handling. + + The name of the object in raw bytes. + The object attribute flags. + An optional root handle, Will duplicate the handle. + An optional security quality of service. + An optional security descriptor. + The created object attributes. + + + + Dispose + + + + + Object type entry for an access check. + + + + + The object level. + + + + + The object type GUID. + + + + + The name of the object. + + + + + Constructor. + + + + + Constructor. + + The object type GUID. + The object level. + The name of the object type entry. + + + + Constructor. + + The object type GUID. + The object level. + + + + Constructor. + + The object type GUID. + + + + Overridden ToString method. + + The object formatted. + + + + This class allows a function to specify an optional Guid + + + + + Optional Guid + + + + + Constructor + + The GUID to initialize + + + + Constructor + + + + + Implicit conversion + + The value + + + + This class allows a function to specify an optional uint16. + + + + + Optional value + + + + + Constructor + + The value + + + + Constructor + + + + + Implicit conversion + + The value + + + + This class allows a function to specify an optional int32. + + + + + Optional value + + + + + Constructor + + The value + + + + Constructor + + + + + Implicit conversion + + The value + + + + This class allows a function to specify an optional int64. + + + + + Optional value + + + + + Constructor + + The value + + + + Constructor + + + + + Implicit conversion + + The value + + + + This class allows a function to specify an optional length as a SizeT + + + + + Optional length + + + + + Constructor + + The length value + + + + Constructor + + The length value + + + + Constructor + + The length value + + + + Implicit conversion + + The length value + + + + This class allows a function to specify an optional pointer. + + + + + Optional length + + + + + Constructor + + The value + + + + Constructor + + + + + Implicit conversion + + The value + + + + Optional value. + + + + + Optional value. + + + + + Constructor + + The value + + + + Constructor + + + + + Implicit conversion + + The value. + + + + Optional value. + + + + + Optional value. + + + + + Constructor + + The value + + + + Constructor + + + + + Implicit conversion + + The value. + + + + Optional value. + + + + + Optional value. + + + + + Constructor + + The value + + + + Constructor + + + + + Implicit conversion + + The value. + + + + Optional value. + + + + + Optional value. + + + + + Constructor + + The value + + + + Constructor + + + + + Implicit conversion + + The value. + + + + The result of a privilege check. + + + + + The list of privileges from the result. + + + + + The list of enabled privileges. + + + + + True indicates all privileges were held. + + + + + A single process module. + + + + + The module section. + + + + + Mapped base. + + + + + Image base. + + + + + Image size. + + + + + Flags. + + + + + Load order index. + + + + + Init order index. + + + + + Load count. + + + + + Full path name. + + + + + File name. + + + + + Reparse Tag value. + + + + + Base class for a reparse buffer. + + + + + The reparse tag in the buffer. + + + + + Function to initialize this class by parsing the reparse buffer data (not including header). + + The length of the data to read. + The stream to read from. + + + + Get reparse buffer data as a byte array (not including header). + + The reparse buffer data. + + + + Constructor. + + The reparse tag to assign. + + + + Get a reparse buffer from a byte array. + + The byte array to parse + The reparse buffer. + + + + Get a reparse buffer from a byte array. + + The byte array to parse + True to return an opaque buffer if + the tag isn't known, otherwise try and parse as a generic buffer + The reparse buffer. + + + + Convert reparse buffer to a byte array in REPARSE_DATA_BUFFER format. + + The reparse buffer as a byte array. + + + + Convert reparse buffer to a byte array in the REPARSE_DATA_BUFFER_EX format. + + Flags for the buffer. + Existing GUID to match against. + Existing tag to matcha against. + The reparse buffer as a byte array. + + + + Get if a reparse tag is a Microsoft defined one. + + + + + Get if a reparse tag is a name surrogate. + + True if it's a surrogate reparse tag. + + + + Get if a reparse tag is a directory. + + + + + Generic GUID reparse buffer. + + + + + Constructor. + + The reparse tag. + The reparse GUID + Additional reparse data. + + + + Constructor. + + The reparse tag. + The reparse GUID + Additional reparse data. + + + + The reparse GUID. + + + + + Additional reparse data. + + + + + Get reparse buffer data as a byte array (not including header). + + The reparse buffer data. + + + + Function to initialize this class by parsing the reparse buffer data (not including header). + + The length of the data to read. + The stream to read from. + + + + Reparse buffer with an opaque data blob. + + + + + Constructor. + + The reparse tag. + The opaque data blob. + + + + The opaque data blob. + + + + + Get reparse buffer data as a byte array (not including header). + + The reparse buffer data. + + + + Function to initialize this class by parsing the reparse buffer data (not including header). + + The length of the data to read. + The stream to read from. + + + + Reparse buffer for an NTFS mount point. + + + + + Constructor. + + Substitution name to reparse to when accessing mount point. + Printable name for the mount point. + + + + Substitution name to reparse to when accessing mount point. + + + + + Printable name for the mount point. + + + + + Function to initialize this class by parsing the reparse buffer data (not including header). + + The length of the data to read. + The stream to read from. + + + + Get reparse buffer data as a byte array (not including header). + + The reparse buffer data. + + + + Symlink flags. + + + + + None. + + + + + Substitution name is relative to the symlink. + + + + + Reparse buffer for an NTFS symlink. + + + + + Constructor. + + Substitution name to reparse to when accessing symlink. + Printable name for the symlink. + Symlink flags. + + + + Constructor. + + Substitution name to reparse to when accessing symlink. + Printable name for the symlink. + Symlink flags. + Create a global symlink rather than a normal symlink. + + + + Substitution name to reparse to when accessing symlink. + + + + + Printable name for the symlink. + + + + + Symlink flags. + + + + + Function to initialize this class by parsing the reparse buffer data (not including header). + + The length of the data to read. + The stream to read from. + + + + Get reparse buffer data as a byte array (not including header). + + The reparse buffer data. + + + + Application type for execution alias. + + + + + Desktop bridge application. + + + + + UWP type 1 + + + + + UWP type 2 + + + + + UWP type 3 + + + + + Reparse buffer for an execution alias. + + + + + The execution alias version. + + + + + The name of the application package. + + + + + The entry point in the package. + + + + + The target executable. + + + + + Application type for the alias. + + + + + Flags, obsolete. + + + + + Constructor. + + The execution alias version. + The name of the application package. + The entry point in the package. + The target executable. + Apptype for the alias. + + + + Get reparse buffer data as a byte array (not including header). + + The reparse buffer data. + + + + Function to initialize this class by parsing the reparse buffer data (not including header). + + The length of the data to read. + The stream to read from. + + + + Safe buffer for an ALPC data view. + + + + + Flags for the data view. + + + + + Get the port section handle. + + + + + Convert the section view to a message attribute. + + The message attribute. + + + + Release the data view handle. + + True if successfully released. + + + + Safe buffer to contain an ALPC port message. + + + + + Constructor. + + The port message header. + The total length of allocated memory excluding the header. + + + + Constructor. Creates a receive buffer with a set length. + + The total length of allocated memory excluding the header. + + + + Get a NULL safe buffer. + + + + + Detaches the current buffer and allocates a new one. + + The detached buffer. + The original buffer will become invalid after this call. + + + + Safe handle for a port section. + + + + + Release handle. + + True if handle released successfully. + + + + Safe handle for an ALPC security context. + + + + + Attribute flags. + + + + + Security quality of service. + + + + + Get the security context as a message attribute. + + The message attribute. + + + + Get whether handle is invalid. + + + + + Release handle. + + True if handle released successfully. + + + + Revoke the security context attribute. + + True to throw on error. + The NT status code. + + + + Revoke the security context attribute. + + + + + Safe buffer to contain a list of structures. + + + + + The count of elements of the array. + + + + + Constructor. + + Array of elements. + Additional data to place after the array. + + + + Constructor. + + Array of elements. + + + + Get a reference to the additional data. + + + + + Get a NULL safe array buffer. + + + + + Dispose buffer. + + True if disposing. + + + + Safe buffer which acts as a base class for all other SafeBuffer types in the library. + + + + + Constructor + + Size of the buffer. + An existing pointer to a buffer. + Specify whether safe handle owns the buffer. + Inidicates if the underlying buffer is writable. + + + + Constructor + + Size of the buffer. + An existing pointer to a buffer. + Specify whether safe handle owns the buffer. + + + + Length of the allocation. + + + + + Length of the allocation as a long. + + + + + Get the length as an IntPtr + + + + + Convert the safe handle to an array of bytes. + + The data contained in the allocaiton. + + + + Read a NUL terminated string for the byte offset. + + The byte offset to read from. + The string read from the buffer without the NUL terminator + + + + Read a NUL terminated string + + The string read from the buffer without the NUL terminator + + + + Read a NUL terminated ANSI string for the byte offset. + + The byte offset to read from. + Text encoding for the string. + The string read from the buffer without the NUL terminator + + + + Read a NUL terminated ANSI string + + Text encoding for the string. + The string read from the buffer without the NUL terminator + + + + Read a NUL terminated ANSI string for the byte offset. + + The byte offset to read from. + The string read from the buffer without the NUL terminator + + + + Read a NUL terminated ANSI string + + The string read from the buffer without the NUL terminator + + + + Read a unicode string from the buffer. + + The offset into the buffer to read. + The number of characters to read. + The read unicode string. + + + + Read a unicode string from the buffer. + + The number of characters to read. + The read unicode string. + + + + Write a unicode string to the buffer. + + The offset into the buffer to write. + The value to write. + + + + Write a unicode string to the buffer. + + The value to write. + + + + Read an array of bytes from the buffer. + + The offset into the buffer. + The number of bytes to read. + The read bytes. + + + + Read an array of bytes from the buffer. + + The number of bytes to read. + The read bytes. + + + + Write an array of bytes to the buffer. + + The offset into the buffer. + The bytes to write. + + + + Write an array of bytes to the buffer. + + The bytes to write. + + + + Read array from the buffer. + + The type to read. + The offset into the buffer. + The number of elements to read. + The read array. + + + + Read an array of complex structures which can contain references. Doing this from a buffer is a dangerous operation. + + The buffer type. + The offset into the buffer. + The number of elements. + The array structures. + This doesn't bounds check the buffer size for the array or embedded structures so could easily crash the application. + + + + Zero an entire buffer. + + + + + Fill an entire buffer with a specific byte value. + + The fill value. + + + + Get a structured buffer object at a specified offset. + + The type of structure. + The offset into the buffer. + The structured buffer object. + + + + Get the buffer as a memory stream + + + + + + Create a view accessor over the full buffer. + + The view accessor. + + + + Create a view accessor. + + Offset into the buffer + Size of view. + The view accessor. + + + + Create a view accessor. + + Offset into the buffer + Size of view. + True to make the view writable. False for read-only + The view accessor. + + + + A safe handle to an allocated global buffer. + + + + + Constructor + + Size of the buffer to allocate. + + + + Constructor + + The length of data to allocate. + The total length to reflect in the Length property. + + + + Constructor + + Size of the buffer. + An existing pointer to an existing HGLOBAL allocated buffer. + Specify whether safe handle owns the buffer. + + + + Constructor + + Initialization data for the buffer. + + + + Get a buffer which represents NULL. + + + + + Resize the SafeBuffer. + + + + + + Overridden ReleaseHandle method. + + True if successfully released the memory. + + + + Detaches the current buffer and allocates a new one. + + The detached buffer. + The original buffer will become invalid after this call. + + + + Detaches the current buffer and allocates a new one. + + Specify a new length for the detached buffer. Must be <= Length. + The detached buffer. + The original buffer will become invalid after this call. + + + + Non-generic buffer to hold an IO_STATUS_BLOCK. + + + + + Constructor. + + + + + Get a buffer which represents NULL. + + + + + Safe handle which represents a kernel handle. + + + + + Constructor. + + An existing kernel handle. + True to own the kernel handle. + + + + Overridden ReleaseHandle method. + + True if successfully released the handle. + + + + Overridden IsInvalid method. + + + + + Get a handle which represents NULL. + + + + + Get or set whether the handle is inheritable. + + + + + Get or set whether the handle is protected from closing. + + + + + Get the NT type name for this handle. + + The NT type name. + + + + Overridden ToString method. + + The handle as a string. + + + + Class which is allocated from the process heap. + + + + + Constructor + + Size of the buffer to allocate. + + + + Constructor + + Initialization data for the buffer. + + + + Constructor + + The length of data to allocate. + The total length to reflect in the Length property. + + + + Constructor + + Size of the buffer. + An existing pointer to an existing HGLOBAL allocated buffer. + Specify whether safe handle owns the buffer. + + + + Get a buffer which represents NULL. + + + + + Overridden ReleaseHandle method. + + True if successfully released the memory. + + + + Detaches the current buffer and allocates a new one. + + The detached buffer. + The original buffer will become invalid after this call. + + + + Detaches the current buffer and allocates a new one. + + Specify a new length for the detached buffer. Must be <= Length. + The detached buffer. + The original buffer will become invalid after this call. + + + + Safe SID buffer. + + This is used to return values from the RTL apis which need to be freed using RtlFreeSid + + + + Safe handle for an in/out structure buffer. + + The type of structure as the base of the memory allocation. + + + + Constructor + + Structure value to initialize the buffer. + + + + Constructor, initializes buffer with a default structure. + + + + + Constructor + + Size of the buffer. + An existing pointer to an existing HGLOBAL allocated buffer. + Specify whether safe handle owns the buffer. + + + + Constructor + + Additional data to add to structure buffer. + If true additional_size is added to structure size, otherwise reflects the total size. + An existing pointer to an existing HGLOBAL allocated buffer. + Specify whether safe handle owns the buffer. + + + + Constructor, initializes buffer with a default structure. + + Additional data to add to structure buffer. + If true additional_size is added to structure size, otherwise reflects the total size. + + + + Constructor + + Structure value to initialize the buffer. + Additional data to add to structure buffer. + If true additional_size is added to structure size, otherwise reflects the total size. + + + + Get a buffer which represents NULL. + + + + + Overridden ReleaseHandle method. + + True if successfully released the memory. + + + + Get or set the result structure in the memory buffer. + + + + + Get a reference to the additional data. + + + + + Detaches the current buffer and allocates a new one. + + The detached buffer. + The original buffer will become invalid after this call. + + + + Detaches the current buffer and allocates a new one. + + Specify a new length for the detached buffer. Must be <= Length. + The detached buffer. + The original buffer will become invalid after this call. + + + + Safe buffer for a list of Token groups. + + + + + Constructor. + + The list of SID and attributes. + The list of allocated SIDs. + + + + NULL safe buffer. + + + + + Create a buffer from a list of groups. + + The group list. + The safe buffer. + + + + Dispose. + + True if disposing. + + + + Safe buffer for token privileges. + + + + + Constructor. + + List of privileges. + + + + NULL safe buffer. + + + + + Security descriptor control flags. + + + + + Security descriptor. + + + + + Discretionary access control list (can be null) + + + + + System access control list (can be null) + + + + + Owner (can be null) + + + + + Group (can be null) + + + + + Get or set Control flags. This is computed based on the current state of the SD. + + + + + Revision value + + + + + The resource manager control flags. + + + + + Get or set an associated NT type for this security descriptor. + + + + + Get or set mandatory label. Returns a medium label if it doesn't exist. + + + + + Get the process trust label. + + + + + Get list of access filters. + + + + + Get list of resource attributes. + + + + + Get the scoped policy ID. + + + + + Get or set the integrity level + + + + + Get or set the server security flag. + + + + + Get or set the DACL untrusted flag. + + + + + Get whether the DACL is present. + + + + + Get count of ACEs in DACL. + + + + + Get whether the SACL is present. + + + + + Get count of ACEs in DACL. + + + + + Indicates if the security descriptor was constructed from a self relative format. + + + + + Indicates if the SD's DACL is canonical. + + + + + Indicates if the SD's SACL is canonical. + + + + + Indicates if the SD's DACL is defaulted. + + + + + Indicates if the SD's SACL is defaulted. + + + + + Indicates if the SD's DACL is auto-inherited. + + + + + Indicates if the SD's SACL is auto-inherited. + + + + + Indicates if the SD came from a container. + + + + + Indicates the SD has audit ACEs present. + + + + + Indicates the SD has a mandatory label ACE present. + + + + + Indicates the SD has a NULL DACL. + + + + + Indicates the SD has a NULL SACL. + + + + + Get the access rights enum type for this SD based on the NT Type property. + + + + + Get the mandatory label. Returns null if it doesn't exist. + + True to include InheritOnly ACEs in the search. + The valid mandatory ACE for this security descriptor. Or null if it doesn't exist. + + + + Get the mandatory label. Returns null if it doesn't exist. + + The valid mandatory ACE for this security descriptor. Or null if it doesn't exist. + + + + Convert security descriptor to a byte array + + The binary security descriptor + + + + Convert security descriptor to SDDL string + + The parts of the security descriptor to return + True to throw on error. + The SDDL string + + + + Convert security descriptor to SDDL string + + The parts of the security descriptor to return + The SDDL string + + + + Convert security descriptor to SDDL string + + True to throw on error. + The SDDL string + + + + Convert security descriptor to SDDL string + + The SDDL string + + + + Converts the security to a base64 string. + + True to insert line breaks in the base64. + The relative SD as a base64 string. + + + + Converts the security to a base64 string. + + The relative SD as a base64 string. + + + + Convert security descriptor to a safe buffer. + + True to return an absolute security descriptor, false for self-relative. + True to throw on error. + A safe buffer for the security descriptor. + + + + Convert security descriptor to a safe buffer. + + True to return an absolute security descriptor, false for self-relative. + A safe buffer for the security descriptor. + + + + Convert security descriptor to a safe buffer. + + A safe buffer for the security descriptor. + This returns a self-relative security descriptor. + + + + Add an ACE to the DACL, creating the DACL if needed. + + The ACE to add to the DACL. + + + + Add an ACE to the SACL, creating the SACL if needed. + + The ACE to add to the SACL. + + + + Add an access allowed ACE to the DACL + + The access mask + The ACE flags + The SID in SDDL form + + + + Add an access allowed ACE to the DACL + + The access mask + The SID in SDDL form + + + + Add an access allowed ACE to the DACL + + The access mask + The ACE flags + The SID + + + + Add an access allowed ACE to the DACL + + The access mask + The SID + + + + Add an access denied ACE to the DACL + + The access mask + The ACE flags + The SID in SDDL form + + + + Add an access denied ACE to the DACL + + The access mask + The SID in SDDL form + + + + Add an access denied ACE to the DACL + + The access mask + The SID + + + + Add an access denied ACE to the DACL + + The access mask + The ACE flags + The SID + + + + Add an audit success ACE to the SACL + + The access mask + The SID in SDDL form + + + + Add an audit success ACE to the SACL + + The access mask + The SID + + + + Add an access denied ACE to the DACL + + The access mask + The SID in SDDL form + + + + Add an audit fail ACE to the SACL + + The access mask + The SID + + + + Add mandatory integrity label to SACL + + The integrity level + + + + Add mandatory integrity label to SACL + + The integrity level + The mandatory label policy + + + + Add mandatory integrity label to SACL + + The integrity level + The ACE flags. + The mandatory label policy + + + + Add mandatory integrity label to SACL + + The integrity label SID + The ACE flags. + The mandatory label policy + + + + Removes the mandatory label if it exists. + + + + + Map all generic access in this security descriptor to the default type specified by NtType. + + + + + Map all generic access in this security descriptor to a specific type. + + The type to get the generic mapping from. + + + + Map all generic access in this security descriptor to a specific type. + + The generic mapping. + + + + Unmap all generic access in this security descriptor to the default type specified by NtType. + + + + + Unmap all generic access in this security descriptor to a specific type. + + The type to get the generic mapping from. + + + + Unap all generic access in this security descriptor to a specific type. + + The generic mapping. + + + + Modifies a security descriptor from a new descriptor. + + The security descriptor to update with. + The parts of the security descriptor to update. + Auto inherit flags. + Optional token for the security descriptor. + Generic mapping. + True to throw on error. + The NT status code. + + + + Modifies a security descriptor from a new descriptor. + + The security descriptor to update with. + The parts of the security descriptor to update. + Auto inherit flags. + Optional token for the security descriptor. + Generic mapping. + + + + Converts the SD to an Auto-Inherit security descriptor. + + The parent security descriptor. + Optional object type GUID. + True if a directory. + Generic mapping for the object. + True to throw on error. + The NT status code. + + + + Converts the SD to an Auto-Inherit security descriptor. + + The parent security descriptor. + Optional object type GUID. + True if a directory. + Generic mapping for the object. + + + + Canonicalize the DACL if it exists. + + + + + Canonicalize the SACL if it exists. + + + + + Standardize security descriptor according to Active Directory rules. + + + + + Clone the security descriptor. + + The cloned security descriptor. + + + + Overridden ToString method. + + The security descriptor as an SDDL string. + + + + Constructor. + + Native pointer to security descriptor. + + + + Constructor. + + The process containing the security descriptor. + Native pointer to security descriptor. + + + + Constructor + + + + + Constructor. + + The NT type for the security descriptor. + + + + Constructor + + Binary form of security descriptor + Optional NT type for security descriptor. + + + + Constructor + + Binary form of security descriptor + + + + Constructor from a token default DACL and ownership values. + + The token to use for its default DACL. + + + + Constructor + + Base object for security descriptor + Token for determining user rights + True if a directory security descriptor + + + + Constructor from an SDDL string + + The SDDL string + Thrown if invalid SDDL + + + + Constructor from an SDDL string + + The SDDL string + Optional NT type for security descriptor. + Thrown if invalid SDDL + + + + Parse a security descriptor. + + Native pointer to security descriptor. + The NT type for the security descriptor. + True to throw on error. + The parsed Security Descriptor. + + + + Parse a security descriptor. + + Native pointer to security descriptor. + True to throw on error. + The parsed Security Descriptor. + + + + Parse a security descriptor. + + Safe buffer to security descriptor. + The NT type for the security descriptor. + True if the security descriptor is from a container. + True to throw on error. + The parsed Security Descriptor. + + + + Parse a security descriptor. + + Safe buffer to security descriptor. + The NT type for the security descriptor. + True to throw on error. + The parsed Security Descriptor. + + + + Parse a security descriptor. + + Safe buffer to security descriptor. + True to throw on error. + The parsed Security Descriptor. + + + + Parse a security descriptor. + + Binary form of security descriptor + The NT type for the security descriptor. + True to throw on error. + The parsed Security Descriptor. + + + + Parse a security descriptor. + + Binary form of security descriptor + True to throw on error. + The parsed Security Descriptor. + + + + Parse a security descriptor. + + The SDDL form of the security descriptor. + The NT type for the security descriptor. + True if the security descriptor is from a container. + True to throw on error. + The parsed Security Descriptor. + + + + Parse a security descriptor. + + The SDDL form of the security descriptor. + True to throw on error. + The parsed Security Descriptor. + + + + Parse a security descriptor from a base64 string + + The base64 string. + The NT type for the security descriptor. + True to throw on error. + The parsed Security Descriptor. + + + + Parse a security descriptor from a base64 string + + The base64 string. + True to throw on error. + The parsed Security Descriptor. + + + + Parse a security descriptor from a base64 string + + The base64 string. + The parsed Security Descriptor. + + + + Create a new security descriptor from a parent. + + The parent security descriptor. Can be null. + The creator security descriptor. + Optional list of object type GUIDs. + True if the objec to assign is a directory. + Auto inherit flags. + Optional token for the security descriptor. + Generic mapping. + True to throw on error. + The new security descriptor. + + + + Create a new security descriptor from a parent. + + The parent security descriptor. Can be null. + The creator security descriptor. + Optional list of object type GUIDs. + True if the objec to assign is a directory. + Auto inherit flags. + Optional token for the security descriptor. + Generic mapping. + The new security descriptor. + + + + Create a new security descriptor from a parent. + + The parent security descriptor. Can be null. + The creator security descriptor. + True if the objec to assign is a directory. + Auto inherit flags. + Optional token for the security descriptor. + Generic mapping. + True to throw on error. + The new security descriptor. + + + + Create a new security descriptor from a parent. + + The parent security descriptor. Can be null. + The creator security descriptor. + True if the objec to assign is a directory. + Auto inherit flags. + Optional token for the security descriptor. + Generic mapping. + The new security descriptor. + + + + Create a new security descriptor from a parent. + + The parent security descriptor. Can be null. + The creator security descriptor. + True if the objec to assign is a directory. + Auto inherit flags. + Optional token for the security descriptor. + Generic mapping. + True to throw on error. + The new security descriptor. + + + + Create a new security descriptor from a parent. + + The parent security descriptor. Can be null. + The creator security descriptor. + True if the objec to assign is a directory. + Auto inherit flags. + Optional token for the security descriptor. + Generic mapping. + The new security descriptor. + + + + A security descriptor SID which maintains defaulted state. + + + + + The SID. + + + + + Indicates whether the SID was defaulted or not. + + + + + Constructor from existing SID. + + The SID. + Whether the SID was defaulted or not. + + + + Convert to a string. + + The string form of the SID + + + + Clone the security descriptor SID. + + The cloned SID. + + + + The type of the security attribute name. + + + + + Class to represent an attribute name operand. + + + + + The type of attribute. + + + + + The name of the attribute. + + + + + Constructor. + + The type of the attribute. + The name of the attribute. + + + + Overridden ToString method. + + The object as a string. + + + + Class to represent a composite conditional operand. + + + + + List of operands. + + + + + Constructor. + + + + + Overridden ToString method. + + The object as a string. + + + + Class to represent a conditional expression. + + + + + Serialize the expression to a byte array. + + The expression as a byte array. + + + + Overridden ToString method. + + The object as a string. + + + + Parse a binary conditional expression. + + The data to parse. + True to throw on error. + The parsed conditional expression. + + + + Parse a binary conditional expression. + + The data to parse. + The parsed conditional expression. + + + + Parse an SDDL conditional expression. + + The SDDL expression to parse. + True to throw on error. + The parsed conditional expression. + + + + Parse an SDDL conditional expression. + + The SDDL expression to parse. + The parsed conditional expression. + + + + Get list of the conditional operands. + + + + + Size of conditional integer operand. + + + + + Sign of conditional integer operand. + + + + + Base of conditional integer operand. + + + + + Class to represent a conditional integer operand. + + + + + Size of the integer. + + + + + Value of the integer. + + + + + Sign of the integer. + + + + + Base of the integer. + + + + + Constructor. + + + + + Overridden ToString method. + + The object as a string. + + + + Class to represent an octet string conditional operand. + + + + + The value of the operand. + + + + + Constructor. + + The value of the operand. + + + + Overridden ToString method. + + The object as a string. + + + + Abstract class to represent a conditional expression operand. + + + + + Conditional operator type. + + + + + Class to represent a conditional operator operand. + + + + + The type of operator. + + + + + Constructor. + + The type of operator. + + + + Overridden ToString method. + + The object as a string. + + + + Class to represent a SID conditional operand. + + + + + The SID value. + + + + + Constructor. + + The SID value. + + + + Overridden ToString method. + + The object as a string. + + + + Class to represent a string conditional operand. + + + + + The string value. + + + + + Constructor. + + The string value. + + + + Overridden ToString method. + + The object as a string. + + + + Interface for an NT object to query and set a security descriptor. + + + + + Get the name of the object. + + + + + Get the NtType for this object. + + The NtType for the object. + + + + Get the object's security descriptor. + + + + + Get whether the object is a container. + + + + + Check if access is granted to a set of rights + + The access rights to check + True if all the access rights are granted + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + True to throw on error. + The NT status code. + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + The security descriptor + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + True to throw on error. + The security descriptor + + + + Class representing a Central Access Policy. + + + + + The CAP SID. + + + + + CAP Flags. + + + + + Name of the CAP. + + + + + Description of the CAP. + + + + + Change ID. Normally a date time when changed. + + + + + The list of rules associated with this policy. + + + + + Parse the policy from the registry. + + The base key for the registry policy. + True to throw on error. + The list of Central Access Policies. + + + + Parse the policy from the registry. + + True to throw on error. + The list of Central Access Policies. + + + + Parse the policy from the registry. + + The list of Central Access Policies. + + + + Parse the policy from the Local Security Authority. + + True to throw on error. + The list of Central Access Policies. + + + + Parse the policy from the Local Security Authority. + + The list of Central Access Policies. + + + + Class representing a Central Access Rule. + + + + + CAP Rule Flags. + + + + + Name of the CAP Rule. + + + + + Description of the CAP Rule. + + + + + Change ID. Normally a date time when changed. + + + + + Conditional Expression to determine who to applie the rule to. + + + + + The CAP Rule security descriptor. + + + + + The CAP Rule staged security descriptor. + + + + + Class to represent a Security Identifier. + + + + + Maximum size of a SID buffer. + + + + + The SIDs authority. + + + + + List of the SIDs sub authorities. + + + + + Get the account name of the SID or the SDDL form if no corresponding name. + + + + + Constructor for authority and sub authorities. + + The identifier authority. + The sub authorities. + + + + Constructor for authority and sub authorities. + + The identifier authority. + The sub authorities. + + + + Constructor from an unmanged buffer. + + A pointer to a buffer containing a valid SID. + Thrown if the buffer is not valid. + + + + Constructor from an unmanged buffer. + + A safe buffer containing a valid SID. + Thrown if the buffer is not valid. + + + + Constructor from a safe SID handle. + + A safe SID handle containing a valid SID. + Thrown if the buffer is not valid. + + + + Constructor from an manged buffer. + + A buffer containing a valid SID. + Thrown if the buffer is not valid. + + + + Constructor from existing Sid. + + The existing Sid. + + + + Constructor from an SDDL string. + + The SID in SDDL format. + + new Sid("S-1-0-0"); + new Sid("WD"); + + + + + + Constructor from a SID name. + + The SID name. + + + + Construct a SID from a binary reader. + + The binary reader. + + + + Convert the SID to a safe buffer. + + The safe buffer containing the SID. + + + + Convert to a managed byte array. + + The managed byte array. + + + + Compares two sids to see if their prefixes are the same. The sids must have the same number of subauthorities. + + The sid to compare against + True if the sids share a prefix. + + + + Compare two Sids. + + The other Sid to compare. + True if the Sids are equal. + + + + Equality operator. + + Sid 1 + Sid 2 + True if the Sids are equal. + + + + Inequality operator. + + Sid 1 + Sid 2 + True if the Sids are not equal. + + + + Get hash code. + + The hash code. + + + + Convert to an SDDL format string. + + The SDDL format string (e.g. S-1-1-0) + + + + Does this SID dominate another. + + The other SID. + True to throw on error. + True if the sid dominates. + + + + Does this SID dominate another. + + The other SID. + True if the sid dominates. + + + + Does this SID dominate another for trust. + + The other SID. + True to throw on error. + True if the sid dominates. + + + + Does this SID dominate another for trust. + + The other SID. + True if the sid dominates. + + + + Checks if the SID starts with the specified SID. + + The specified SID to check against. + True if the current SID starts with the specified SID. + + + + Create a SID relative to this one. + + The list of RIDs. + The relative SID. + + + + Create a SID sibling to this SID. + + The RIDs to replace the final RID with. + The sibling SID. + This replaces the final RID with one or more addditional RIDs. + + + + Get the SID name for this SID. + + True to bypass the SID name cache. + The SID name. + + + + Get the SID name for this SID. + + The SID name. + + + + Convert an SDDL SID string to a Sid + + The SDDL SID string + True to throw on error. + The converted Sid + Thrown if cannot convert from a SDDL string. + + + + Convert an SDDL SID string to a Sid + + The SDDL SID string + The converted Sid + Thrown if cannot convert from a SDDL string. + + + + Parse a byte array. + + The byte array to parse. + True to throw on error. + The parsed SID. + + + + Parse a byte array. + + The pointer to parse. + True to throw on error. + The parsed SID. + + + + Predefined security authorities + + + + + Represents an identifier authority for a SID. + + + + + Get a reference to the identifier authority. This can be used to modify the value + + + + + Constructor. + + + + + Construct from an existing authority array. + + The authority, must be 6 bytes in length. + Thrown if authority is not the correct length. + + + + Constructor from a simple predefined authority. + + The predefined authority. + + + + Construct from an Int64. + + The authority as an Int64. + + + + Compares authority to another. + + The other authority to compare against. + True if authority is equal. + + + + Get hash code. + + The authority hash code. + + + + Determines if this is a specific security authority. + + The security authority. + True if the security authority. + + + + Convert authority to a 64 bit integer. + + The authority as a 64 bit integer. + + + + Overridden ToString method. + + The security authority as a string. + + + + Source for a SID name. + + + + + SDDL string. + + + + + LSASS lookup. + + + + + Named capability. + + + + + Package name SID. + + + + + From a process trust level. + + + + + Well known SID. + + + + + Scoped policy SID. + + + + + Manually added name. + + + + + Represents a name for a SID. + + + + + The qualified name of the SID. Either the combination of + Domain and Name or the SDDL SID. + + + + + The domain name, if present. + + + + + The user name. + + + + + The source of name. + + + + + The use of the name. + + + + + The SDDL format of the SID. + + + + + Used for caching. Indicates the lookup name was denied rather than not available. + + + + + Disposable class to scope an impersonation context. + + + + + Revert impersonation back to the current user. + + + + + Class to represent the state of a token privilege + + + + + Privilege attributes + + + + + Privilege LUID + + + + + Get the token privilege value enum. + + + + + Get the name of the privilege + + The privilege name + + + + Get the display name/description of the privilege + + The display name + + + + Get whether privilege is enabled + + + + + Get whether privilege is enabled + + + + + Constructor + + The privilege LUID + The privilege attributes + + + + Constructor + + The privilege value + The privilege attributes + + + + Constructor + + The privilege name. + The privilege attributes + + + + Constructor + + The privilege name. + + + + Conver to a string + + The privilege name. + + + + Standard UNICODE_STRING class + + + + + Standard UNICODE_STRING class based on a SecureString class. + + + + + Structure to use when passing in a unicode string as a sub-structure with a seure string. + + + + + Standard ANSI_STRING class + + + + + This class is used when the UNICODE_STRING is an output parameter. + The allocatation of the buffer is handled elsewhere. + + + + + Convert unicode string to an array. + + The unicode string data as an array. + + + + This class is used when the UNICODE_STRING is an output parameter. + The allocatation of the buffer is handled elsewhere. + + + + + Structure to use when passing in a unicode string as a sub-structure. + + + + + This class is used when the UNICODE_STRING needs to be preallocated + and then returned back from a caller. + + + + + Implements a UnicodeString which contains raw bytes. + + + + + Constructor. + + The bytes for the name. + + + + Get a null safe buffer. + + + + + Class to represent a user group + + + + + The SID of the user group + + + + + The attributes of the user group + + + + + Get whether the user group is enabled + + + + + Get whether the user group is mandatory + + + + + Get whether the user group is used for deny only + + + + + Get the resolved name of the SID. + + + + + Constructor + + The SID + The attributes + + + + Constructor from a SID. + + The SID + + + + Constructor from a SID or account name. + + The SID or account name. + + + + Convert to a string + + The account name if available or the SDDL SID + + + + Basic utilities for ASN1 support. + + + + + Format an array of ASN.1 DER to a string. + + The ASN.1 data in DER format. + Initial identation depth. + The formatted DER data. + + + + Format an file containing of ASN.1 DER to a string. + + The path to the file containing ASN.1 data in DER format. + Initial identation depth. + The formatted DER data. + + + + Class to do basic ASN1 DER generation. + + + + + Constructor. + + The stream to write the DER data to. + + + + Constructor. + + + + + Write an object ID. + + The object ID to write. + + + + Write raw bytes to the stream. + + The bytes to write. + + + + Write an octet-string to the stream. + + The octet string. + + + + Write a NULL value. + + + + + Write a 32-bit integer. + + The integer value. + + + + Write a 64-bit integer. + + The integer value. + + + + Write an arbitrary integer. + + The integer value. + + + + Write a sequence based on the contents of another DER builder. + + The builder for the contents. + + + + Write a sequence based on the contents of another DER builder. + + The build function for the contents. + + + + Write a sequence based on the contents of another DER builder. + + Write a sequence of fixed values. + The build function for the contents. + + + + Create a sequence builder. + + The created builder. + You should call Close or dispose on the created builder to write the tag. + + + + Write an application specific tag with contents from the builder. + + The ID of the application specific tag. + The builder for the contents. + + + + Write an application specific tag with contents from the builder. + + The ID of the application specific tag. + The build function for the contents. + + + + Create an application specific builder. + + The ID of the application specific tag. + The created builder. + You should call Close or dispose on the created builder to write the tag. + + + + Write a context specific tag with specified contents. + + The ID of the context specific tag. + The contents of the context specific value. + + + + Write a context specific tag with contents from the builder. + + The ID of the context specific tag. + The builder for the contents. + + + + Write an application specific tag with contents from the builder. + + The ID of the context specific tag. + The build function for the contents. + + + + Create a context specific builder. + + The ID of the context specific tag. + The created builder. + You should call Close or dispose on the created builder to write the tag. + + + + Write a general encoded string. + + The string + The encoding to covert to. + + + + Write a general encoded string using ASCII encoding. + + The string + + + + Write a UTF8 string. + + The UTF8 string + + + + Write an IA5 string. + + The IA5 string + + + + Write a generalized time. + + The time to write. + + + + Convert builder to a byte array. + + The DER encoded data. + + + + A DER builder for a sub-structure.. + + You should call Close or dispose the builder to write the sub-structure. + + + + Close the builder and write its contents to the parent builder. + + + + + Static class for DER builder utility functions. + + + + + A basic ASN.1 DER parser to process Kerberos and SPNEGO Tokens. + + + + + Class containing known OID values. + + + + + Class to implement a scoped file lock. + + + + + Lock part of a file. + + The file to lock. + The offset into the file to lock + The number of bytes to lock + True to fail immediately if the lock can't be taken + True to do an exclusive lock + True to throw on error. + The NT status code. + + + + Lock part of a file. + + The file to lock. + The offset into the file to lock + The number of bytes to lock + True to fail immediately if the lock can't be taken + True to do an exclusive lock + The NT status code. + + + + Unlock the file. + + + + + IMemoryReader implementation for a process. + + + + + Class to compress and decompress buffers using RtlCompressionBuffer. + + + + + Decompress a buffer. + + The compression format used. + The compressed buffer. + The expected uncompressed length. + True to throw on error. + The uncompressed buffer. + + + + Decompress a buffer. + + The compression format used. + The compressed buffer. + The expected uncompressed length. + The uncompressed buffer. + + + + IMemoryReader implementation for a process. + + + + + Class which calls a delegate on dispose. + + + + + Constructor. + + The delegate to call on dispose. + + + + Dispose and call the action. + + + + + A container which can detach an innner reference. + + + + + + Get the contained value. + + + + + Detach the object so the original isn't disposed. + + Detached object. + + + + Miscellaneous utilities. + + + + + Convert a disposable object to a detachable object. + + The disposable object type. + The disposable object. + The disposable container. + + + + Utilities for reflection. + + + + + Get the SDK name for a type, if available. + + The type to get the name for. + The SDK name. Returns the name of the type if not available. + + + + Get the SDK name for an enum, if available. + + The enum to get the name for. + The SDK name. If the enum is a flags enum then will return the names joined with commas. + + + + Get the SDK name an object. + + The object to get the name from. If this isn't an Enum or Type then the Type of the object is used. + The SDK name. + + + + Class to create a view. This never owns the handle. + + + + + Detaches the current handle and allocates a new one. + + The detached buffer. + The original buffer will become invalid after this call. + + + + A buffer which contains an array of GUID pointers. + + + + + The count of GUIDs. + + + + + Constructor. + + The list of GUIDs. + + + + Get NULL safe buffer. + + + + + Basic implementation of ARC4. + + + + + Encrypt, or decrypt an ARC4 stream. + + The data to encrypt/decrypt. + Offset into the data to decrypt. + Length of data to decrypt. + The key to decrypt. + The resulting bytes. + + + + Encrypt, or decrypt an ARC4 stream. + + The data to encrypt/decrypt. + The key to decrypt. + The resulting bytes. + + + + Basic implementation of MD4. + + + This could have called out to the CNG APIs or dug into the + internals of the existing .NET crypto APIs but as MD4 is so + simple and it doesn't need to be secure (seriously don't use + this). This uses the reference implementation from RFC1320. + + + + + Calculate the MD4 hash of an input. + + The input bytes. + The MD4 hash. + + + + Calculate the MD4 hash of a string. + + The input string. + Encoding for the string. + The MD4 hash. + + + + Calculate the MD4 hash of a unicode string. + + The input string. + The MD4 hash. + + + + Class to perform the n-fold operation for Kerberos key derivation. + + + + + Perform an n-fold operation. + + The input data as a string. + The output length in bytes. + The computed n-folded byte array. + + + + Perform an n-fold operation. + + The input data. + The output length in bytes. + The computed n-folded byte array. + + + + A tree of Object Types. + + + + + Constructor. + + Entries to setup in the tree. + + + + Contructor. + + The object type GUID. + The name of the root object. + + + + Contructor. + + The object type GUID. + + + + Contructor. + + The object type GUID as a string. + + + + List of child nodes in the tree. + + + + + The parent of this tree. + + + + + The Object Type GUID. + + + + + Optional access mask for use in access checking. + + + + + Optional label for this tree entry. + + + + + Indicates the number of total entries this tree contains. + + + + + Add a new object type to the tree. + + The object type. + The name of the node. + The added tree object. + + + + Add a new object type to the tree. + + The object type. + The added tree object. + + + + Add an existing node to the tree. + + The node to add. + + + + Add an existing list of nodes to the tree. + + The nodes to add. + + + + Removes all object types from the tree. + + The object type. + The removed tree object. + + + + Removes all object types from the tree. + + The object type. + The removed tree object. + + + + Remove the current tree entry from the parent. + + + + + Convert the tree to an array. + + The array of ObjectTypeEntry objects. + + + + Clone the object type tree. + + The cloned tree. + + + + Set the access mask of this tree node and all children. + + The mask to set. + + + + Remove access mask from this tree node and children and propgate that up the tree. + + The mask to remove. + + + + Find an object type tree entry based on a GUID. + + The object type GUID. + The first entry found, null if doesn't exist. + + + + Split the tree up to reduce the maximum number of entries. + + This will try and keep whole branches together if at all possible, + but might split them up. This could result in incorrect access checking. + The maximum number of entries per tree. + One or more split trees. + + + + Overridden ToString method. + + The object formatted. + + + + Encoding object which converts 1 to 1 with bytes. + + + + + Default instance of the encoding. + + + + + Get the encoding name. + + + + + Get byte count for characters. + + The character array. + Index into the array. + Number of characters in the array to use. + The number of bytes this character array requires. + + + + Get bytes for characters. + + The character array. + Index into the array. + Number of characters in the array to use. + The index into the byte array. + The byte array to copy into. + The number of bytes generated. + + + + Get the character count for bytes. + + The byte array. + Index into the array. + Number of bytes in the array to use. + The number of characters this byte array requires. + + + + Get byte count for characters. + + The character array. + Index into the array. + Number of bytes in the array to use. + The index into the byte array. + The byte array to copy into. + The number of characters generated. + + + + Get maximum bytes for a number of characters. + + + + + + + Get maximum characters for a number of bytes. + + + + + + + Indicates if the encoding is a single byte. + + + + + A single extract string instance. + + + + + The string value. + + + + + The offset in the buffer. + + + + + True if the string was 16-bit Unicode. + + + + + Source of the string. Empty if was from a byte array. + + + + + Overridden ToString method. + + The value of the extracted string. + + + + Specify types of strings to extract. + + + + + Extract ASCII strings. + + + + + Extract Unicode strings. + + + + + Class to build a hex dump from a stream of bytes. + + + + + Append an array of bytes to the hex dump. + + The byte array. + The length of the bytes to append from the array. + The start offset in the bytes to append. + + + + Append an array of bytes to the hex dump. + + The byte array. + + + + Append a file or part of a file. + + The path to the file. + The length of the file to append. If 0 will append all remaining data. + The start offset in the file to append. + + + + Append a file or part of a file. + + The path to the file. + + + + Complete the hex dump string. + + + + + Finish builder and convert to a string. + + The hex dump. + + + + Constructor. + + Print a header. + Print the address. + Print the ASCII text. + Hide repeating lines. + Offset for address printing. + + + + Constructor. + + The safe buffer to print. + The length to display. + The offset into the buffer to display. + Print a header. + Print the address. + Print the ASCII text. + Hide repeating lines. + + + + Constructor. + + The safe buffer to print. + Print a header. + Print the address. + Print the ASCII text. + Hide repeating lines. + + + + Constructor. + + The stream to print. + Print a header. + Print the address. + Print the ASCII text. + Hide repeating lines. + Offset for address printing. + + + + Constructor. + + + + + Parse a hex dump into a byte array. + + The hex string. Can contain non-hex characters. + The parsed string as a byte array. + This won't necessarily parse correctly an arbitary hex dump, but it will if you just use the hex of the bytes. + + + + Parse a hex string into a byte array. + + The hex string. Can contain non-hex characters. + The parsed string as a byte array. + True if the parse was successful. + This won't necessarily parse correctly an arbitary hex dump, but it will if you just use the hex of the bytes. + + + + Utility class to extract strings from a byte value. + + + + + Extracts strings from a binary buffer. + + The data to search. + The length of the data to search. + The minimum string length. + The offset into the data to search. + The type of strings to search for. + The list of extracted strings. + + + + Extracts strings from a binary buffer. + + The data to search. + The minimum string length. + The type of strings to search for. + The list of extracted strings. + + + + Extracts strings from a stream. + + The stream to extract strings from. + The minimum string length. + The type of strings to search for. + The list of extracted strings. + + + + Extracts strings from a file. + + The file to search. + The minimum string length. + The type of strings to search for. + The list of extracted strings. + + + + Extracts strings from a safe buffer. + + Safe buffer to extract the value from. + The minimum string length. + The type of strings to search for. + The list of extracted strings. + + + + Extracts strings from a safe buffer. + + Safe buffer to extract the value from. + The minimum string length. + The type of strings to search for. + The length of the data to search. + The offset into the data to search. + The list of extracted strings. + + + + Class to call NT functions for manipulating strings. + + + + + Upper case a character according to the internal NTDLL string routines. + + The character to upper case. + The upper case character. + + + + Upper case a string according to the internal NTDLL string routines. + + The string to upper case. + True to throw on error. + The upper case string. + + + + Upper case a string according to the internal NTDLL string routines. + + The string to upper case. + The upper case string. + + + + Lower case a character according to the internal NTDLL string routines. + + The character to lower case. + The lower case character. + + + + Lower case a string according to the internal NTDLL string routines. + + The string to lower case. + True to throw on error. + The lower case string. + + + + Lower case a string according to the internal NTDLL string routines. + + The string to lower case. + The lower case string. + + + + Builder for a claim security attribute. + + + + + Name of the security attribute. + + + + + Attribute flags. + + + + + The value type. + + + + + The current list of values. + + + + + Convert build to a claim attribute. + + + + + + Create a claim security attribute builder. + + The name of the security attribute. + The attribute flags. + The value for the attribute. + The builder instance. + + + + Create a claim security attribute builder. + + The name of the security attribute. + The attribute flags. + The value for the attribute. + The builder instance. + + + + Create a claim security attribute builder. + + The name of the security attribute. + The attribute flags. + The value for the attribute. + The builder instance. + + + + Create a claim security attribute builder. + + The name of the security attribute. + The attribute flags. + The value for the attribute. + The builder instance. + + + + Create a claim security attribute builder. + + The name of the security attribute. + The attribute flags. + The value for the attribute. + The builder instance. + + + + Create a claim security attribute builder. + + The name of the security attribute. + The attribute flags. + The value for the attribute. + The builder instance. + + + + Create a claim security attribute builder. + + The name of the security attribute. + The attribute flags. + The value for the attribute. + The builder instance. + + + + Create a claim security attribute builder. + + An existing attribute to clone. + The builder instance. + + + + A class which represents an AppContainer profile. + + + + + Create a new AppContainerProfile. + + The name of the AppContainer. + A display name. + An optional description. + An optional list of capability SIDs. + True to throw on error. + The created AppContainer profile. + If the profile already exists then it'll be opened instead. + + + + Create a new AppContainerProfile. + + The name of the AppContainer. + A display name. + An optional description. + An optional list of capability SIDs. + The created AppContainer profile. + If the profile already exists then it'll be opened instead. + + + + Create a temporary AppContainer profile. + + List of capabilities for the AppContainer profile. + The created AppContainer profile. + The profile will be marked to DeleteOnClose. In order to not leak the profile you + should wait till the process has exited and dispose this profile. + + + + Create a temporary AppContainer profile. + + The created AppContainer profile. + The profile will be marked to DeleteOnClose. In order to not leak the profile you + should wait till the process has exited and dispose this profile. + + + + Opens an AppContainerProfile. + + The name of the AppContainer. + True to throw no error. + The opened AppContainer profile. + This method doesn't check the profile exists. + + + + Opens an AppContainerProfile. + + The name of the AppContainer. + The opened AppContainer profile. + This method doesn't check the profile exists. + + + + Opens an AppContainerProfile and checks it exists. + + The name of the AppContainer. + True to throw no error. + The opened AppContainer profile. + This checks for the existence of the profile and also populates the additional information. + + + + Opens an AppContainerProfile and checks it exists. + + The name of the AppContainer. + The opened AppContainer profile. + This checks for the existence of the profile and also populates the additional information. + + + + Delete an existing profile. + + The AppContainer name. + True to throw on error. + The HRESULT from the delete operation. + + + + Delete an existing profile. + + The AppContainer name. + + + + Enumerate all AppContainer profiles. + + True to throw on error. + The list of appcontainer profiles. + + + + Enumerate all AppContainer profiles. + + The list of appcontainer profiles. + + + + Delete an existing profile. + + True to throw on error. + The HRESULT from the delete operation. + + + + Delete an existing profile. + + + + + Dispose of the AppContainer profile. If DeleteOnClose is set then the profile will be deleted. + + + + + Close an AppContainer profile. If DeleteOnClose is set then the profile will be deleted. + + + + + Open the AppContainer key. + + The desired access for the key. + True to throw on error. + The opened key. + + + + The AppContainer name. + + + + + The package SID + + + + + Path to the AppContainer profile directory. + + + + + Path to the AppContainer key. + + + + + Set to true to delete the profile when closed. + + + + + Get list of capabilities assigned to this AppContainer profile. + + + + + The display name for the AppContainer profile. + + + + + The description for the AppContainer profile. + + + + + Utilities for AppModel applications. + + + + + Activate an application from its Application Model ID. + + The app model ID. + Arguments for the activation. + True to throw on error. + The PID of the process. + + + + Activate an application from its Application Model ID. + + The app model ID. + Arguments for the activation. + The PID of the process. + + + + Get the list of package SIDs with a loopback exception. + + True to throw on error. + The list of package SIDs with a loopback exception. + + + + Get the list of package SIDs with a loopback exception. + + The list of package SIDs with a loopback exception. + + + + Add a loopback exception to the list. + + The package SID to add. + True to throw on error. + The NT status code. + + + + Add a loopback exception to the list. + + The package SID to add. + + + + Remove a loopback exception from the list. + + The package SID to remove. + True to throw on error. + The NT status code. + + + + Remove a loopback exception to the list. + + The package SID to remove. + + + + State of the console session. + + + + + User logged on to WinStation + + + + + WinStation connected to client + + + + + In the process of connecting to client + + + + + Shadowing another WinStation + + + + + WinStation logged on without client + + + + + Waiting for client to connect + + + + + WinStation is listening for connection + + + + + WinStation is being reset + + + + + WinStation is down due to error + + + + + WinStation in initialization + + + + + Class to represent a console session. + + + + + The session ID. + + + + + The Session Name. + + + + + The Username if any user authenticated. + + + + + The Domain Name for the User. + + + + + The Console Session State. + + + + + The hostname for the client. + + + + + The Farm name for Virtual Machine Farm. + + + + + Get the FQ User Name. + + + + + Type information for an array. + + + + + Get array element type. + + + + + Get number of array elements. + + + + + Type information for a base type. + + + + + Symbol information for a data value. + + + + + Address of the symbol. + + + + + Enumerated type value. + + + + + Name of the value. + + + + + The value as an int64. + + + + + Symbol information for an enumerated type. + + + + + Get the values for the enumerated type. + + + + + Class for a function parameter. + + + + + Name of the parameter. + + + + + Type of the parameter. + + + + + Type information for a function. + + + + + Type for the return type. + + + + + List of function parameters. + + + + + Interface for symbol type resolver. + + + + + Query types in a module. + + The base address of the module. + The list of types. + + + + Query names of types in a module. + + The base address of the module. + The list of type names. + + + + Get a type by name. + + The base address of the module containing the type. + The name of the type. + + + + + Query types by name + + The base address of the module containing the type. + A mask string for the type name. e.g. mod!ABC* + The list of types. + + + + Get the address of a symbol. + + The name of the symbol, should include the module name, e.g. modulename!MySymbol. + The symbol type. + + + + Get the address of a symbol. + + The address of the symbol. + The symbol type. + + + + Type information for a pointer value. + + + + + Get the type this pointer references. + + + + + Indicates this pointer is a reference. + + + + + The name of the symbol. + + + + + Class to represent a symbol information. + + + + + The name of the symbol. + + + + + Size of the symbol. + + + + + Get the loaded module for the symbol. + + + + + Type of the symbol. + + + + + Internal type index. + + + + + Overridden ToString method. + + Returns the symbol name. + + + + Enumeration for symbol type information. + + + + + None. + + + + + UDT. + + + + + Enumerated type. + + + + + A base type. + + + + + A function type. + + + + + A pointer type. + + + + + Undefined. + + + + + Flags for the symbol resolver. + + + + + No flags. + + + + + Trace symbol file loading + + + + + Disable resolving export symbols if no PDB can be found. + + + + + Enable a symbol server fallback. If the copy of dbghelp doesn't have a symsrv.dll + then download from a public symbol URL to a local cache directory during symbol + resolving. + + + + + Symbol information for a type. + + + + + Represents a member of a UDT. + + + + + The type of the member. + + + + + The name of the member. + + + + + The offset into the UDT. + + + + + The size of the member. + + + + + Represents a bit field member of a UDT. + + + + + If a bit field then this is the bit start position. + + + + + If a bit field this is the bit length. + + + + + Symbol information for an enumerated type. + + + + + The members of the UDT. + + + + + Indicates the UDT is a union. + + + + + Class to capture Win32 debug output. + + + + + Create an instance of the Win32 debug console. + + The session ID for the console. Set to 0 to capture global output. + True to throw on error. + The Win32 debug console. + + + + Create an instance of the Win32 debug console. + + The session ID for the console. Set to 0 to capture global output. + The Win32 debug console. + + + + Create an instance of the Win32 debug console for current session. + + True to throw on error. + The Win32 debug console. + + + + Create an instance of the Win32 debug console for current session. + + The Win32 debug console. + + + + Create an instance of the Win32 debug console for the global session. + + True to throw on error. + The Win32 debug console. + + + + Create an instance of the Win32 debug console for the global session. + + The Win32 debug console. + + + + Read a debug string from for the console asynchronously. + + The timeout in milliseconds. + Cancellation token. + The Win32 debug string. If timed out then Output property is null. + + + + Read a debug string from for the console asynchronously. + + The timeout in milliseconds. + The Win32 debug string. If timed out then Output property is null. + + + + Read a debug string from for the console asynchronously. + + The Win32 debug string. If timed out then Output property is null. + + + + Read a debug string from for the console. + + The timeout in milliseconds. + The Win32 debug string. If timed out then Output property is null. + + + + Read a debug string from for the console. + + The Win32 debug string. If timed out then Output property is null. + + + + Attach the debug console to another session. + + The session ID. + True to throw on error. + The NT status code. + + + + Attach the debug console to another session. + + The session ID. + + + + Dispose debug console. + + + + + Structure for a debug string event. + + + + + The process ID. + + + + + The output string. + + + + + Class to hold known bus type GUIDs. + + + + + Class to represent a device interface. + + + + + The name of the interface class. + + + + + The device interface GUID. + + + + + The list of device interface instances. + + + + + The list of all device interface properties. + + The device interface properties. + + + + Class containing well known device interface class GUIDs. + + + + + Convert interface class GUID to a string. + + + The name of the interface class GUID. + + + + Get the list of known interface GUIDs. + + The list of known interface guids. + + + + Class to represent a device interface instance. + + + + + The instance path to the device. + + + + + The raw device path. + + + + + The device interface class GUID. + + + + + The device instance ID for the device node. + + + + + Overridden ToString method. + + The Win32Path. + + + + The list of all device interface instance properties. + + The device interface instance properties. + + + + Device property types. + + + + + Class representing a device node. + + + + + The name of the device instance. + + + + + The device setup class GUID. + + + + + The device instance ID. + + + + + Get the device PDO name. + + + + + Get the device INF name. + + + + + Get the device INF path. + + + + + Get the device stack. + + + + + The the device stack as a list of driver paths. + + + + + Indicates if this is a per-session device. If null then not defined. + + + + + Indicates if this instance is present. + + + + + Indicates the name of the SCM service for the driver. + + + + + Get path to the driver. + + + + + Get driver start type. + + + + + Get the parent device node. + + The parent device node. Returns null if reached the root. + + + + List of upper filters. + + + + + List of lower filters. + + + + + Container ID. + + + + + Type of bus for the device. + + + + + Get if the device is a user-mode device. + + + + + The list of all device properties. + + The device properties. + + + + Get the setup class for this instance. + + Returns the setup class. + Thrown if invalid setup GUID. + + + + Get list of parent nodes. + + The list of parent nodes. + + + + Overridden ToString method. + + + + + + Optional security descriptor for device node. + + + + + Indicates the device node has a security descriptor. + + + + + Device property. + + + + + The name of the property, if known. + + + + + The FMTID Guid. + + + + + The PID. + + + + + The device property type. + + + + + Property data. + + + + + Format the data according to type. + + The formatted data. + + + + ToString method. + + The property as a string. + + + + Class to represent a device setup class. + + + + + The friendly name of the device. + + + + + The name of the device class. + + + + + The device class installer Guid. + + + + + The security descriptor for the device (if available). + + + + + Indicates the device setup class has a security descriptor. + + + + + The device type. + + + + + The device characteristics. + + + + + List of upper filters. + + + + + List of lower filters. + + + + + The list of all device setup properties. + + The device setup properties. + + + + Get device instances. + + Return all devices. + The list of devices instances. + + + + Get device instances. + + The list of devices instances. + + + + Enumerated type for device stack type. + + + + + Unknown type. + + + + + Entry is for the function driver. + + + + + Entry is for the bus driver. + + + + + Entry is for an upper filter. + + + + + Entry is for the lower filter. + + + + + Entry is for a filter. + + + + + Class to represent an entry on the stack. + + + + + Name of the driver. + + + + + Path to the driver. + + + + + Stack entry type. + + + + + Overridden ToString method. + + The name of the driver in the stack. + + + + Class to represent a node in a device tree. + + + + + List of child nodes. + + + + + Indicates if the node has any children. + + + + + Get the parent device node. + + The parent device node. Returns null if reached the root. + + + + Utilities for interacting with Device, Configuration and Setup APIs. + + + + + Get a list of device interfaces from an Interface GUID. + + The interface class GUID for the device. + Optional device ID. + True to get all devices, otherwise just present devices. + List of device interfaces. + + + + Get a list of present device interfaces from an Inteface GUID. + + The interface class GUID for the device. + List of device interfaces. + + + + Enumerate installer class GUIDs. + + The list of installer class GUIDs. + + + + Enumerate interface class GUIDs. + + The list of interface class GUIDs. + + + + Query the security descriptor for a device. + + The installer device class. + True to throw on error. + The security descriptor. + + + + Query the security descriptor for a device. + + The installer device class. + The security descriptor. + + + + Get list of registered device setup classes. + + The list of device setup classes. + + + + Get a device setup class by GUID. + + The class GUID. + The device setup class. + + + + Get list of registered device interfaces. + + True to return all devices. + The list of device interfaces. + + + + Get list of registered device interfaces. + + The list of device interfaces. + + + + Get a device interface class by GUID. + + The class GUID. + True to return all devices. + The device interface class. + + + + Get a device interface class by GUID. + + The class GUID. + The device interface class. + + + + Get list of device nodes. + + Return all devices including ones which aren't present. + The list of device nodes. + + + + Get list of present device nodes. + + The list of device entries. + + + + Get list of device entries. + + Specify the Device Setup Class GUID. + Only return present devices. + The list of device entries. + + + + Get list of present device entries. + + Specify the Device Setup Class GUID. + The list of device entries. + + + + Get the device node from a device ID. + + The instance ID to lookup.. + The device node. + + + + Get device tree. + + The device tree's root node. + + + + Get the node from a device instance ID. + + The instance ID to start from. + The root device node. + + + + Get all device interface instances. + + + + + Get all device interface instances for a given interface class GUID. + + + + + Get an interface instance from the interface instance path. + + The path to the interface symbolic link. e.g. \??\SOME$VALUE. + + + + Interface to indicate the device object has properties. + + + + + The list of all device properties. + + The device properties. + + + + Access rights for Active Directory Services. + + + + + Class to represent a binding to a directory service. + + + + + Crack one or more names on the domain controller. + + Flags for the cracking. + Format of the names. + Desired format of the names. + The list of names to crack. + True to throw on error. + The cracked names. + + + + Crack one or more names on the domain controller. + + Flags for the cracking. + Format of the names. + Desired format of the names. + The list of names to crack. + The cracked names. + + + + Crack a name on the domain controller. + + Flags for the cracking. + Format of the name. + Desired format of the name. + The name to crack. + True to throw on error. + The cracked name. + + + + Crack a name on the domain controller. + + Flags for the cracking. + Format of the name. + Desired format of the name. + The name to crack. + The cracked name. + + + + Get naming contexts for domain. + + True to throw on error. + The naming contexts. + + + + Get naming contexts for domain. + + The naming contexts. + + + + Bind to a directory service. + + The name of the domain controller. Can be null. + The DNS domain name. + True to throw on error. + The directory service binding. + + + + Bind to a directory service. + + The name of the domain controller. Can be null. + The DNS domain name. + The directory service binding. + + + + Bind to the current directory service. + + The directory service binding. + + + + Dispose the binding. + + + + + Class to represent an directory service extended right queries from the current domain. + + + + + The common name of the extended right. + + + + + The distinguished name for the extended right. + + + + + The domain name searched for this extended right. + + + + + The rights GUID for this extended right. + + + + + The list of applies to GUIDs. + + + + + The valid accesses for this extended right. + + + + + Get list of properties if a property set. + + + + + True if this a property set extended right. + + + + + True if this is a validated write extended right. + + + + + True if this is a control extended right. + + + + + Overridden ToString method. + + The name of the extended right. + + + + Convert the extended right to an object type tree. + + The tree of object types. + + + + Convert the extended right to an object type tree. + + The extended right to convert. + The tree of object types. + + + + Flags and settings from the dSHeuristics attribute. + + + + + The fSupFirstLastANR flag. + + + + + The fSupLastFirstANR flag. + + + + + The fDoListObject flag. + + + + + The fLDAPBlockAnonOps flag. + + + + + The fAllowAnonNSPI flag. + + + + + The fDontStandardizeSDs flag. + + + + + The raw value for the dsHeuristics attribute. + + + + + The domain where the value was read. + + + + + Directory services name error. + + + + + Directory services name flags. + + + + + Directory services name format. + + + + + Structure to represent a directory service name. + + + + + Status of the name. + + + + + Domain of the name. + + + + + Name of the name. + + + + + Native methods for directory services. + + + + + Object type level for a directory object. + + + + + Object type. + + + + + Property set type. + + + + + Property type. + + + + + Class to represent an a class which is referenced from another. For example auxiliary or superior classes. + + + + + The name of the class. + + + + + Whether the class is a system class. + + + + + Get the full schema class for this reference. + + The schema class. + + + + Class to represent a directory service schema attribute. + + + + + The attributes syntax. + + + + + The OM syntax. + + + + + The OM object class. + + + + + The name of the attribute syntax type if known. + + + + + The GUID of the containing property set, if it exists. + + + + + Indicates if the attribute is in a property set. + + + + + Class to represent a directory service schema class. + + + + + The subclass schema name. + + + + + List of attributes the class can contain. + + + + + The default security descriptor. + + + + + The default security descriptor in SDDL format. + + + + + The list of auxiliary classes for this class. + + + + + The category of schema class. + + + + + The list of possible superior classes for this class. + + + + + Possible inferiors of the class. + + + + + Structure to represent an attribute for a class. + + + + + The name of the attribute. + + + + + True if the attribute is required. + + + + + True if the attribute can only be modified by system. + + + + + Get the hash code for the attribute. + + The hash code. + + + + Check attributes for equality. + + The other attribute to check. + True if equal. + + + + Overridden ToString method. + + The name of the attribute. + + + + Represents the type of schema class. + + + + + Legacy class. + + + + + Structure class (can be created). + + + + + Abstract class. + + + + + Auxiliary class. + + + + + Base class for a schema class or attribute object. + + + + + The GUID of the schema class. + + + + + The name of the schema class. + + + + + The LDAP display name. + + + + + The object class for the schema class. + + + + + The distinguished name for the schema class. + + + + + The domain name searched for this schema class. + + + + + The admin description for the object. + + + + + Indicates if this schema object is system only. + + + + + Overridden ToString method. + + The name of the schema class. + + + + Convert the schema class to an object type tree. + + The tree of object types. + + + + Convert the extended right to an object type tree. + + The schema class to convert. + The tree of object types. + + + + Class to represent a security principal in the directory. + + + + + Distinguished name of the group. + + + + + The SID of the object. + + + + + Overridden Equals. + + The other object to test. + True if equal. + + + + Overridden GetHashCode. + + The hash code. + + + + User flags. + + + + + Class implementing various utilities for directory services. + + + + + Name for the fake Directory Service NT type. + + + + + Get the generic mapping for directory services. + + The directory services generic mapping. + + + + Get a fake NtType for Directory Services. + + The fake Directory Services NtType + + + + Get the default property set. + + + + + Get the schema class for a GUID. + + Specify the domain to get the schema class for. + The GUID for the schema class. + The schema class, or null if not found. + + + + Get the schema class for a GUID. + + The GUID for the schema class. + The schema class, or null if not found. + + + + Get the schema class for a LDAP name. + + Specify the domain to get the schema class for. + The LDAP name for the schema class. + The schema class, or null if not found. + + + + Get the schema class for a LDAP name. + + The LDAP name for the schema class. + The schema class, or null if not found. + + + + Get the inferior schema class for a LDAP name. + + Specify the domain to get the schema class for. + The LDAP name for the parent schema class. + The schema classes. + + + + Get the inferior schema class for a LDAP name. + + The LDAP name for the schema class. + The schema classes. + + + + Get the auxiliary schema classes for a LDAP name. + + Specify the domain to get the schema class for. + The LDAP name for the parent schema class. + The schema classes. + + + + Get the auxiliary schema classes for a LDAP name. + + The LDAP name for the schema class. + The schema classes. + + + + Get all schema classes. + + Specify the domain to get the schema classes for. + The list of schema classes. + + + + Get all schema classes. + + The list of schema classes. + + + + Get all schema classes in a hierarchy. + + Specify the domain to get the schema classes for. + Specify to include auxiliary classes in the list. + The name of the base schema class. + The list of schema classes. + + + + Get all schema classes in a hierarchy. + + Specify to include auxiliary classes in the list. + The name of the base schema class. + The list of schema classes. + + + + Get the common name of an schema object class. + + Specify the domain to get the schema class for. + The GUID for the schema class. + The common name of the schema class, or null if not found. + + + + Get the common name of an schema object class. + + The GUID for the schema class. + The common name of the schema class, or null if not found. + + + + Get the schema attribute for a GUID. + + Specify the domain to get the schema attribute for. + The GUID for the schema attribute. + The schema attribute, or null if not found. + + + + Get the schema attribute for a GUID. + + The GUID for the schema attribute. + The schema attribute, or null if not found. + + + + Get the schema attribute for a LDAP name. + + Specify the domain to get the schema attribute for. + The LDAP name for the schema attribute. + The schema attribute, or null if not found. + + + + Get the schema attribute for a LDAP name. + + The LDAP name for the schema attribute. + The schema attribute, or null if not found. + + + + Get all schema attributes. + + Specify the domain to get the schema attributes for. + The list of schema attributes. + + + + Get all schema attributes. + + The list of schema attributes. + + + + Get the common name of a schema attribute. + + Specify the domain to get the schema attribute for. + The GUID for the schema attribute. + The common name of the schema attribute, or null if not found. + + + + Get the common name of a schema attribute. + + The GUID for the schema attribute. + The common name of the schema attribute, or null if not found. + + + + Get the extended right name by GUID. + + Specify the domain for the extended right. + The GUID for the extended right. + If true and the right is a property set, expand the name. + The name of the extended right, or null if not found. + + + + Get the extended right name by GUID. + + The GUID for the extended right. + If true and the right is a property set, expand the name. + The name of the extended right, or null if not found. + + + + Get an extended right by GUID. + + Specify the domain to get the extended right for. + The GUID for the extended right. + The extended right, or null if not found. + + + + Get an extended right by GUID. + + The GUID for the extended right. + The extended right, or null if not found. + + + + Get an extended right by common name. + + Specify the domain to get the extended right for. + The common name for the extended right. + The extended right, or null if not found. + + + + Get an extended right by common name. + + The common name for the extended right. + The extended right, or null if not found. + + + + Get a list of all extended rights in the current domain. + + Specify the domain to get the extended rights from. + The list of extended rights. + + + + Get a list of all extended rights in the current domain. + + The list of extended rights. + + + + Get a list of extended rights applied to a schema class. + + Specify the domain to get the extended rights from. + The schema class identifier. + The list of extended rights applies to the schema class. + + + + Get a list of extended rights applied to a schema class in the current domain. + + The schema class identifier. + The list of extended rights applies to the schema class. + + + + Create an object type entry for an access check. + + The object type level. + The object type GUID. + An optional name. + The object type entry. + + + + Get the object SID from a directory object. + + The directory entry. + The object SID. Returns null if no object SID exists. + + + + Get the object SID from a directory object. + + The domain name for the object. + The distinguished name of the object. + The object SID. Returns null if no object SID exists. + + + + Get the object SID from a directory object. + + The distinguished name of the object. + The object SID. Returns null if no object SID exists. + + + + Get a directory object. + + The domain name for the object. + The distinguished name of the object. + The object entry. + + + + Get a directory object. + + The distinguished name of the object. + The object entry. + + + + Standardize security descriptor to the rules of Active Directory. + + The security descriptor. + The standardized security descriptor. + + + + Get the value for the dsHeuristics attribute. + + The domain to read the dsHeuristics from. + The dsHeuristics value. + + + + Get the value for the dsHeuristics attribute. + + The dsHeuristics value. + + + + Get the value for an object's sDRightsEffective attribute. + + The domain for the object. + The distinguished name of the object. + The sDRightsEffective value. + + + + Get the value for an object's sDRightsEffective attribute. + + The distinguished name of the object. + The sDRightsEffective value. + + + + Try and find the an object from its SID. + + Specify the domain to search. + The SID to find. + The distinguished name of the object, null if not found. + + + + Try and find the token groups for an object. + + Domain name for the lookup. + The distinguished name to find. + True to return all groups including BUILTIN on the server. False for just universal and global groups. + The list of member SIDs. + + + + Try and find the token groups for an object using the SID. + + Sid to use for the object. + True to return all groups including BUILTIN on the server. False for just universal and global groups. + The list of member SIDs. + + + + Try and find the membership of groups for a name. + + Domain name for the lookup. + The distinguished name to find as member. + The list of groups. + + + + Call to pre-cache the schema for a domain, could take a long time to load. + + The domain to cache. + True if the schema was cached successfully. + + + + Call to pre-cache the schema for the current domain, could take a long time to load. + + True if the schema was cached successfully. + + + + Interface to convert a directory object to a tree for access checking. + + + + + The name of the object. + + + + + The ID of the object. + + + + + Convert the schema class to an object type tree. + + The tree of object types. + + + + DLL characteristic flags. + + + + + Reserved + + + + + Reserved + + + + + Reserved + + + + + Reserved + + + + + Reserved + + + + + Image can handle a high entropy 64-bit virtual address space. + + + + + DLL can be relocated at load time. + + + + + Code Integrity checks are enforced. + + + + + Image is NX compatible. + + + + + Isolation aware, but do not isolate the image. + + + + + Does not use structured exception (SE) handling. No SE handler may be called in this image. + + + + + Do not bind the image. + + + + + Image must execute in an AppContainer. + + + + + A WDM driver. + + + + + Image supports Control Flow Guard. + + + + + Terminal Server aware. + + + + + CodeView debug data for an executable. + + + + + The magic identifier. + + + + + The unique identifier. + + + + + Age of debug information. + + + + + Path to PDB file. + + + + + Identifier path to use when looking up symbol file. + + + + + Get just the name of the PDB file. + + + + + Get the symbol server path. + + The symbol URL, either a local path or a remote URL. + The symbol server path. + + + + Single DLL export entry. + + + + + The name of the export. If an ordinal this is #ORD. + + + + + The ordinal number. + + + + + Address of the exported entry. Can be 0 if a forwarded function. + + + + + Name of the forwarder, if used. + + + + + Get the module this was exported from. + + + + + Overridden ToString method. + + The name of the export. + + + + Single DLL import. + + + + + The name of the DLL importing from. + + + + + List of DLL imported functions. + + + + + List of names imported. + + + + + Could of functions + + + + + True of the imports are delay loaded. + + + + + The path to the executable this import came from. + + + + + Overridden ToString method. + + The DLL name and count. + + + + Single DLL import function. + + + + + The name of the DLL importing from. + + + + + The name of the imported function. If an ordinal this is #ORD. + + + + + Address of the imported function. Can be 0 if not a bound DLL. + + + + + Ordinal of import, if imported by ordinal. -1 if not. + + + + + Overridden ToString method. + + The name of the imported function. + + + + Simple class for an event trace. + + + + + Write an empty event. + + + + + Dispose method. + + + + + Level for trace event. + + + + + Critical level. + + + + + Error level. + + + + + Warning level. + + + + + Information level. + + + + + Verbose level. + + + + + Descriptor for an enabled trace provider. + + + + + Pointer to descriptor data. + + + + + Size of descriptor data. + + + + + Type of descriptor data. + + + + + An Event Trace Log. + + + + + Enable a provider. + + The GUID of the provider. + The level for the events. + Any keywords to match. + All keywords to match. + The timeout. + List of optional descriptors. + True to throw on error. + The resulting status code. + + + + Get allocated session GUID. + + + + + Get name of the session. + + + + + Finalizer. + + + + + Dispose the event trace log. + + + + + Source of an event trace provider. + + + + + Unknown source. + + + + + From WMI. + + + + + From NtTraceControl. + + + + + From the security key. + + + + + Class to represent an Event Trace Provider. + + + + + The ID of the provider. + + + + + The name of the provider. + + + + + Whether the provider is defined as an XML file or a MOF. + + + + + The provider security descriptor (only available as admin). + + + + + Indicates the source of the provider. + + + + + Class to access event tracing methods. + + + + + Query security of an event. + + The event GUID to query. + True to throw on error. + The event security descriptor. + + + + Query security of an event. + + The event GUID to query. + The event security descriptor. + + + + Query the default security for events. + + True to throw on error. + The default security descriptor. + + + + Query the default security for events. + + The default security descriptor. + + + + Modify trace security. + + The event trace GUID. + The operation to perform. + The SID to set. + The access mask to set. + True to allow, false to deny. + True to throw on error. + The NT status code. + + + + Modify trace security. + + The event trace GUID. + The operation to perform. + The SID to set. + The access mask to set. + True to allow, false to deny. + + + + Adds DACL ACE for an event trace. + + The event trace GUID. + The SID to set. + The access mask to set. + True to allow, false to deny. + True to throw on error. + The NT status code. + + + + Adds DACL ACE for an event trace. + + The event trace GUID. + The SID to set. + The access mask to set. + True to allow, false to deny. + + + + Clears DACL and adds ACE for an event trace. + + The event trace GUID. + The SID to set. + The access mask to set. + True to allow, false to deny. + True to throw on error. + The NT status code. + + + + lears DACL and adds ACE for an event trace. + + The event trace GUID. + The SID to set. + The access mask to set. + True to allow, false to deny. + + + + Remove security for an event trace. + + The event trace GUID. + True to throw on error. + The NT status code. + + + + Remove security for an event trace. + + The event trace GUID. + + + + Register an event trace with a specific GUID. + + The event trace GUID. + True to throw on error. + The event trace. + + + + Start an event trace log. + + The path to the log file. + Session GUID. + The name of the logging session. + True to throw on error. + The event trace log. + + + + Start an event trace log. + + The path to the log file. + Session GUID. + The name of the logging session. + The event trace log. + + + + Register an event trace with a specific GUID. + + The event trace GUID. + The event trace. + + + + Get the list of registered trace GUIDs. + + The list of trace GUIDs. + + + + Get the list of registered trace providers. + + Specify true to return a list of cached providers. + The list of trace providers. + + + + Get the list of registered trace providers. + + The list of trace providers. + Returns a cached list of providers, if you want to check the current list use GetProviders(bool). + + + + Get the name of a provider. + + The ID of the provider. + The name of the provider. Returns null if the provider had no name or doesn't exist. + + + + Contains information about a manifest file. + + + + + True if parsing the XML manifest failed. + + + + + Full path to the manifest location. + + + + + The name of the manifest. + + + + + True if the manifest indicates UI access. + + + + + The execution level from the manifest. + + + + + True if the manifest indicates auto elevation. + + + + + The manifest XML. + + + + + True if the manifest indicates long path awareness. + + + + + Get the manifests from a file. + + The file to extract the manifests from. + The list of manifests. + + + + Overridden ToString method. + + The manifest as a string. + + + + A class to represent filter communication port. + + + + + Open a filter communications port. + + The port name, e.g. \FilterName + Make the handle synchronous. + Optional context data. + True to throw on error. + The filter communications port. + + + + Open a filter communications port. + + The port name, e.g. \FilterName + Make the handle synchronous. + Optional context data. + The filter communications port. + + + + Open a filter communications port. + + The port name, e.g. \FilterName + The filter communications port. + + + + Get message from port. + + The maximum message size to receive. + True to throw on error. + The returned message. + + + + Get message from port. + + The maximum message size to receive. + The returned message. + + + + Reply to message. + + The NT status code. + The message ID from GetMessage. + The data to send. + True to throw on error. + The NT status code. + + + + Reply to message. + + The NT status code. + The message ID from GetMessage. + The data to send. + + + + Send a message to the filter. + + The input buffer. + The output buffer. + True to throw on error. + The bytes in the output buffer. + + + + Send a message to the filter. + + The input buffer. + The output buffer. + The bytes in the output buffer. + + + + Send a message to the filter. + + The input buffer. + The maximum size of the output buffer. + true to throw on error. + The output buffer. + + + + Send a message to the filter. + + The input buffer. + The maximum size of the output buffer. + The output buffer. + + + + Class to represent a filter communications port message. + + + + + The message ID. + + + + + The returned data. + + + + + The length of the reply to send. + + + + + Class to represent a filter drive. + + + + + True if a mini-filter, false if a legacy-filter. + + + + + Flags, if any. + + + + + The frame ID. + + + + + Number of instances if a mini-filter. + + + + + Name of the filter driver. + + + + + Altitude of the filter driver. + + + + + Class to represent a mini-filter instance. + + + + + The name of the instance. + + + + + The altitude of the instance. + + + + + The volume name. + + + + + The filter name. + + + + + Filter filesystem type. + + + + + an UNKNOWN file system type + + + + + Microsoft's RAW file system (\FileSystem\RAW) + + + + + Microsoft's NTFS file system (\FileSystem\Ntfs) + + + + + Microsoft's FAT file system (\FileSystem\Fastfat) + + + + + Microsoft's CDFS file system (\FileSystem\Cdfs) + + + + + Microsoft's UDFS file system (\FileSystem\Udfs) + + + + + Microsoft's LanMan Redirector (\FileSystem\MRxSmb) + + + + + Microsoft's WebDav redirector (\FileSystem\MRxDav) + + + + + Microsoft's Terminal Server redirector (\Driver\rdpdr) + + + + + Microsoft's NFS file system (\FileSystem\NfsRdr) + + + + + Microsoft's NetWare redirector (\FileSystem\nwrdr) + + + + + Novell's NetWare redirector + + + + + The BsUDF CD-ROM driver (\FileSystem\BsUDF) + + + + + Microsoft's Mup redirector (\FileSystem\Mup) + + + + + Microsoft's WinFS redirector (\FileSystem\RsFxDrv) + + + + + Roxio's UDF writeable file system (\FileSystem\cdudf_xp) + + + + + Roxio's UDF readable file system (\FileSystem\UdfReadr_xp) + + + + + Roxio's DVD file system (\FileSystem\DVDVRRdr_xp) + + + + + Tacit FileSystem (\Device\TCFSPSE) + + + + + Microsoft's File system recognizer (\FileSystem\Fs_rec) + + + + + Nero's InCD file system (\FileSystem\InCDfs) + + + + + Nero's InCD FAT file system (\FileSystem\InCDFat) + + + + + Microsoft's EXFat FILE SYSTEM (\FileSystem\exfat) + + + + + PolyServ's file system (\FileSystem\psfs) + + + + + IBM General Parallel File System (\FileSystem\gpfs) + + + + + Microsoft's Named Pipe file system(\FileSystem\npfs) + + + + + Microsoft's Mailslot file system (\FileSystem\msfs) + + + + + Microsoft's Cluster Shared Volume file system (\FileSystem\csvfs) + + + + + Microsoft's ReFS file system (\FileSystem\Refs or \FileSystem\Refsv1) + + + + + OpenAFS file system (\Device\AFSRedirector) + + + + + Composite Image file system (\FileSystem\cimfs) + + + + + Methods for accessing Filter Manager information. + + + + + Enumerate the list of filter drivers. + + The list of filter drivers. + + + + Enumerate the list of filter driver instances. + + The name of the filter driver. + The list of filter driver instances. + + + + Enumerate the list of filter driver instances for all filter drivers. + + The list of filter driver instances. + + + + Enumerate the list of filter drivers attached to a volume. + + The name of volume, e.g. C:\ + The list of filter volume instances. + + + + Enumerate the list of filter drivers attached for all volumes. + + The list of filter volume instances. + + + + Enumerate the list of filter volumes. + + The list of filter volumes + + + + Attach a filter to a volume. + + The filter name. + The volume name. + Optional altitude of the filter. + Optional instance name. + True to throw on error. + The created instance name. + + + + Attach a filter to a volume. + + The filter name. + The volume name. + Optional altitude of the filter. + Optional instance name. + The created instance name. + + + + Attach a filter to a volume. + + The filter name. + The volume name. + Optional altitude of the filter. + The created instance name. + + + + Attach a filter to a volume. + + The filter name. + The volume name. + The created instance name. + + + + Attach a filter to a volume. + + The filter name. + The volume name. + Optional instance name. + True to throw on error. + The NT status code. + + + + Attach a filter to a volume. + + The filter name. + The volume name. + Optional instance name. + The NT status code. + + + + Attach a filter to a volume. + + The filter name. + The volume name. + The NT status code. + + + + Class to represent a filter volume. + + + + + Is the filter detached from the volume. + + + + + Filter frame ID. + + + + + Filesystem type. + + + + + Filter volume name. + + + + + Class which represents a section from a loaded PE file. + + + + + The name of the section. + + + + + Buffer to the data. + + + + + Relative Virtual address of the data from the library base. + + + + + Image section characteristics. + + + + + Get the data as an array. + + The data as an array. If can't read the section returns an empty array. + + + + Characteristic flags for image section. + + + + + None. + + + + + Section is code. + + + + + Section is initialized data. + + + + + Section is uninitialized data. + + + + + Section is shared. + + + + + Section is executable. + + + + + Section is readable. + + + + + Section is writable. + + + + + Class to represent a resource in an image. + + + + + The name of the resource. + + + + + The type of the resource. + + + + + The size of the resource. + + + + + Get the resource as a byte array. + + The resource as a byte array. + + + + Image resource type. + + + + + The name of the resource as a string. + + + + + The well known type, is available (otherwise set to UNKNOWN) + + + + + Overridden ToString method. + + The name of the type. + + + + Known image resource types. + + + + + Interface for a symbol resolver. + + + + + Get list of loaded modules. + + The list of loaded modules + Note this will cache the results so subsequent calls won't necessarily see new modules. + + + + Get list of loaded modules and optionally refresh the list. + + True to refresh the current cached list of modules. + The list of loaded modules + + + + Get module at an address. + + The address for the module. + The module, or null if not found. + Note this will cache the results so subsequent calls won't necessarily see new modules. + + + + Get module at an address. + + The address for the module. + True to refresh the current cached list of modules. + The module, or null if not found. + + + + Get a string representation of a relative address to a module. + + The address to get the string for, + The string form of the address, e.g. modulename+0x100 + Note this will cache the results so subsequent calls won't necessarily see new modules. + + + + Get a string representation of a relative address to a module. + + The address to get the string for, + True to refresh the current cached list of modules. + The string form of the address, e.g. modulename+0x100 + + + + Get the address of a symbol. + + The name of the symbol, should include the module name, e.g. modulename!MySymbol. + The address of the symbol + + + + Get the symbol name for an address. + + The address of the symbol. + The symbol name. + + + + Get the symbol name for an address, with no fallback. + + The address of the symbol. + If true then generate a fake symbol. + The symbol name. If |generate_fake_symbol| is true and the symbol doesn't exist one is generated based on module name. + + + + Get the symbol name for an address, with no fallback. + + The address of the symbol. + If true then generate a fake symbol. + If true then return only the name of the symbols (such as C++ symbol name) rather than full symbol. + The symbol name. If |generate_fake_symbol| is true and the symbol doesn't exist one is generated based on module name. + + + + Reload the list of modules for this symbol resolver. + + + + + Load a specific module into the symbol resolver. + + The path to the module. + The base address of the loaded module. + + + + Flags for loading a library. + + + + + None. + + + + + Don't resolve DLL references + + + + + Load library as a data file. + + + + + Load with an altered search path. + + + + + Ignore code authz level. + + + + + Load library as an image resource. + + + + + Load library as a data file exclusively. + + + + + Add the DLL's directory temporarily to the search list. + + + + + Search application directory for the DLL. + + + + + Search the user's directories for the DLL. + + + + + Search system32 for the DLL. + + + + + Search the default directories for the DLL. + + + + + Logon type + + + + + This is used to specify an undefined logon type + + + + + Interactively logged on (locally or remotely) + + + + + Accessing system via network + + + + + Started via a batch queue + + + + + Service started by service controller + + + + + Proxy logon + + + + + Unlock workstation + + + + + Network logon with cleartext credentials + + + + + Clone caller, new default credentials + + + + + Remove interactive. + + + + + Cached Interactive. + + + + + Cached Remote Interactive. + + + + + Cached unlock. + + + + + Specify what account rights to get. + + + + + Get all account rights. + + + + + Get all privilege account rights. + + + + + Get logon account rights. + + + + + Utilities for user logon. + + + + + Logon a user with a username and password. + + The username. + The user's domain. + The user's password. + The type of logon token. + The logged on token. + + + + Logon a user with a username and password. + + The username. + The user's domain. + The user's password. + The type of logon token. + The Logon provider. + The logged on token. + + + + Logon a user with a username and password. + + The username. + The user's domain. + The user's password. + The type of logon token. + The Logon provider. + True to throw on error. + The logged on token. + + + + Logon a user with a username and password. + + The username. + The user's domain. + The user's password. + The type of logon token. + The Logon provider. + Additional groups to add. Needs SeTcbPrivilege. + The logged on token. + + + + Logon a user with a username and password. + + The username. + The user's domain. + The user's password. + The type of logon token. + The Logon provider. + Additional groups to add. Needs SeTcbPrivilege. + True to throw on error. + The logged on token. + + + + Logon a user with a username and password. + + The username. + The user's domain. + The user's password. + The type of logon token. + Additional groups to add. Needs SeTcbPrivilege. + The logged on token. + + + + Logon user using Kerberos Ticket. + + The type of logon token. + The service ticket. + Optional TGT. + True to throw on error. + The logged on token. + + + + Logon user using Kerberos Ticket. + + The type of logon token. + The service ticket. + Optional TGT. + The logged on token. + + + + Logon user using Kerberos Ticket. + + The type of logon token. + The service ticket. + Optional TGT. + True to throw on error. + The logged on token. + + + + Logon user using Kerberos Ticket. + + The type of logon token. + The service ticket. + Optional TGT. + The logged on token. + + + + Logon user using S4U + + The username. + The user's realm. + The type of logon token. + The name of the auth package to user. + True to throw on error. + The logged on token. + + + + Logon user using S4U + + The username. + The user's realm. + The type of logon token. + The name of the auth package to user. + The logged on token. + + + + Logon user using S4U + + The username. + The user's realm. + The type of logon token. + The logged on token. + + + + Logon user using S4U + + The username. + The user's realm. + The type of logon token. + The logged on token. + + + + Get a logon session. + + The logon session ID. + True to thrown on error. + The logon session. + + + + Get a logon session. + + The logon session ID. + The logon session. + + + + Get the logon session LUIDs + + True throw on error. + The list of logon sessions. Only returns ones you can access. + + + + Get the logon session LUIDs + + The list of logon sessions. Only returns ones you can access. + + + + Get the logon sessions. + + True throw on error. + The list of logon sessions. Only returns ones you can access. + + + + Get the logon sessions. + + The list of logon sessions. + + + + Get account rights assigned to a SID. + + The SID to query. + True to throw on error. + The list of account rights. + + + + Get account rights assigned to a SID. + + The SID to query. + The list of account rights. + + + + Get SIDs associated with an account right. + + The name of the account right, such as SeImpersonatePrivilege. + True to throw on error. + The list of SIDs assigned to the account right. + + + + Get SIDs associated with an account right. + + The name of the account right, such as SeImpersonatePrivilege. + The list of SIDs assigned to the account right. + + + + Get SIDs associated with an account right. + + The account right privilege to query. + True to throw on error. + The list of SIDs assigned to the account right. + + + + Get SIDs associated with an account right. + + The account right privilege to query. + The list of SIDs assigned to the account right. + + + + Get SIDs associated with an account right. + + The logon account right to query. + True to throw on error. + The list of SIDs assigned to the account right. + + + + Get SIDs associated with an account right. + + The logon account right to query. + The list of SIDs assigned to the account right. + + + + Get account rights. + + Specify the type of account rights to get. + Account rights. + + + + Get all account rights. + + All account rights. + + + + Add account rights to the user. + + The user SID to add. + The list of account rights. + True to throw on error. + The NT status code. + + + + Add account rights to the user. + + The user SID to add. + The list of account rights. + The NT status code. + + + + Add account rights as privileges. + + The user SID to add. + The list of account privileges. + True to throw on error. + The NT status code. + + + + Add account rights as privileges. + + The user SID to add. + The list of account privileges. + + + + Add account rights as privileges. + + The user SID to add. + The list of account logon types. + True to throw on error. + The NT status code. + + + + Add account rights as privileges. + + The user SID to add. + The list of account logon types. + + + + Remove account rights from a user. + + The user SID to remove. + The list of account rights. + True to throw on error. + The NT status code. + + + + Remove account rights from a user. + + The user SID to remove. + The list of account rights. + + + + Remove account rights from a user. + + The user SID to remove. + The list of privileges. + True to throw on error. + The NT status code. + + + + Remove account rights from a user. + + The user SID to remove. + The list of account privileges. + + + + Remove account rights from a user. + + The user SID to remove. + The list of account rights. + True to throw on error. + The NT status code. + + + + Remove account rights from a user. + + The user SID to remove. + The list of account rights. + + + + Win32 memory utils. + + + + + Write memory to a process. + + The process to write to. + The base address in the process. + The data to write. + The number of bytes written to the location + Thrown on error. + + + + Write memory to a process. + + The process to write to. + The base address in the process. + The data to write. + The number of bytes written to the location + Thrown on error. + + + + Class to represent a TCP listener with process ID. + + + + Gets the local endpoint of a Transmission Control Protocol (TCP) connection. + An instance that contains the IP address and port on the local computer. + + + Gets the remote endpoint of a Transmission Control Protocol (TCP) connection. + An instance that contains the IP address and port on the remote computer. + + + Gets the state of this Transmission Control Protocol (TCP) connection. + One of the enumeration values. + + + + Get local address. + + + + + Get local port. + + + + + Get remote address. + + + + + Get remote port. + + + + + Gets the process ID of the listener on the local system. + + + + + Gets the time the socket was created. + + + + + Gets the owner of the module. This could be an executable path or a service name. + + + + + Class to represent a UDP listener with process ID. + + + + Gets the local endpoint of a Transmission Control Protocol (TCP) connection. + An instance that contains the IP address and port on the local computer. + + + + Get local address. + + + + + Get local port. + + + + + Gets the process ID of the listener on the local system. + + + + + Gets the time the socket was created. + + + + + Gets the owner of the module. This could be an executable path or a service name. + + + + + Gets if the UDP socket is bound to a specific port. + + + + + Utilities for Win32 network APIs. + + + + + Get a list of TCP listeners with process IDs. + + The address family to query. + True to throw on error. + The list of TCP listeners. + The built-in System.Net.NetworkInformation.SystemIPGlobalProperties.GetActiveTcpListeners doesn't expose the PID member so we have to reimplement it. + + + + Get a list of TCP listeners with process IDs. + + The address family to query. + The list of TCP listeners. + The built-in System.Net.NetworkInformation.SystemIPGlobalProperties.GetActiveTcpListeners doesn't expose the PID member so we have to reimplement it. + + + + Get a list of TCP listeners with process IDs. Returns both IPv4 and IPv6 listeners. + + The list of TCP listeners. + The built-in System.Net.NetworkInformation.SystemIPGlobalProperties.GetActiveTcpListeners doesn't expose the PID member so we have to reimplement it. + + + + Get a TCP listener for a TCP port. + + The address family of the IP address. + The TCP port. + The listener information, or null if not found. + + + + Get a list of UDP listeners with process IDs. + + The address family to query. + True to throw on error. + The list of UDP listeners. + + + + Get a list of UDP listeners with process IDs. + + The address family to query. + The list of UDP listeners. + + + + Get a list of UDP listeners with process IDs. Returns both IPv4 and IPv6 listeners. + + The list of UDP listeners. + + + + APPX Package Architecture. + + + + + X86 + + + + + ARM + + + + + X64 + + + + + Neutral + + + + + ARM64 + + + + + APPX Package Origin. + + + + + Unknown origin. + + + + + Unsigned. + + + + + Inbox. + + + + + Store. + + + + + Developer unsigned. + + + + + Developer signed. + + + + + Line-of-business. + + + + + Class which represents an AppContainer package identity. + + + + + Process architecture. + + + + + Package version. + + + + + Package family name. + + + + + Publisher (not always available). + + + + + Resource ID. + + + + + Published ID. + + + + + Full package name. + + + + + Package origin. + + + + + Package family name. + + + + + Package install path. + + + + + The list of application model IDs. + + + + + Get the GetStagedPackageOrigin method as a delegate. It's supposed to be exposed by kernel32, + but actually doesn't seem to be. + + + + + + Create from a package full name. + + The package full name. + Query for full information (needs to be installed for the current user). + True to throw on error. + The package identity. + + + + Create from a package full name. + + The package full name. + Query for full information (needs to be installed for the current user). + The package identity. + + + + Create from a token. + + The AppContainer token. + Query for full information (needs to be installed for the current user). + True to throw on error. + The package identity. + + + + Create from a token. + + The AppContainer token. + Query for full information (needs to be installed for the current user). + The package identity. + + + + Class to represent a printer object. + + + + + Dispose the printer object. + + + + + Open a printer or server. + + The name of the printer or server. If this is null or empty then it's the local server. + The desired access on the printer. + True to throw on error. + The opened printer. + + + + Open a printer. + + The name of the printer. + The desired access on the printer. + The opened printer. + + + + Open a printer. + + The name of the printer. + The opened printer. + + + + Get security descriptor for the printer. + + True to throw on error. + The printer's security descriptor. + + + + Get security descriptor for the printer. + + The printer's security descriptor. + + + + Access rights for a print spooler object. + + + + + Utils for print spooler. + + + + + Name for the fake printer NT type. + + + + + Name for the fake print server NT type. + + + + + Name for the fake print server NT type. + + + + + Get the generic mapping for printer objects. + + The printer objects generic mapping. + + + + Get the generic mapping for job objects. + + The job objects generic mapping. + + + + Get the generic mapping for server objects. + + The server objects generic mapping. + + + + Get the appropriate NT type for the printer path. + + The printer path, e.g. \\server\printer. + The NT type. + + + + Class representing an RPC ALPC server. + + + + + The PID of the process which contains the ALPC server. + + + + + The name of the process which contains the ALPC server. + + + + + List of known endpoints potentially accessible via this RPC server. + + + + + The number of endpoints. + + + + + The name of the ALPC server. + + + + + The security descriptor of the ALPC server. + + + + + Get RPC ALPC servers for a specific process. + + The ID of the process. + The list of RPC ALPC servers. + If the process is suspended or frozen this call can hang. + + + + Get a list of all RPC ALPC servers. + + This works by discovering any server ALPC ports owned by the process and querying for interfaces. + This will ignore any frozen processes (primarily UWP) as they can't respond to the endpoint enumeration. + The list of RPC ALPC servers. + + + + Get the RPC ALPC server for an ALPC port object path. + + The object manager path to the ALPC port. + The ALPC RPC server. + Needs an API which is only available from Windows 10 19H1. + + + + Overridden ToString method. + + Formatted string. + + + + Generic RPC client. + + + + + Constructor. + + The interface ID. + Version of the interface. + + + + Constructor. + + The RPC server to bind to. + + + + Send and receive an RPC message. + + The procedure number. + Marshal NDR buffer for the call. + Unmarshal NDR buffer for the result. + + + + Class to represent an RPC endpoint. + + + + + The interface ID of the endpoint. + + + + + The interface version. + + + + + The object UUID. + + + + + Optional annotation. + + + + + RPC binding string. + + + + + Endpoint protocol sequence. + + + + + Endpoint network address. + + + + + Endpoint name. + + + + + Endpoint network options. + + + + + The endpoint path. + + + + + Indicates this endpoint is registered with the endpoint mapper. + + + + + Overridden ToString method. + + String form of the object. + + + + Get information about the server process. + + + + + + Static class to access information from the RPC mapper. + + + + + Query all endpoints registered on the local system. + + List of endpoints. + + + + Query all endpoints registered based on a binding string. + + The binding string for the server to search on. If null or empty will search localhost. + List of endpoints. + + + + Query for endpoints registered on the local system for an RPC endpoint. + + The binding string for the server to search on. If null or empty will search localhost. + Interface UUID to lookup. + Interface version lookup. + The list of registered RPC endpoints. + + + + Query for endpoints registered on the local system for an RPC endpoint. + + Interface UUID to lookup. + Interface version lookup. + The list of registered RPC endpoints. + + + + Query for endpoints registered on the local system for an RPC endpoint ignoring the version. + + The binding string for the server to search on. If null or empty will search localhost. + Interface UUID to lookup. + The list of registered RPC endpoints. + + + + Query for endpoints registered on the local system for an RPC endpoint ignoring the version. + + Interface UUID to lookup. + The list of registered RPC endpoints. + + + + Query for endpoints registered on the local system for an RPC endpoint. + + The server interface. + The list of registered RPC endpoints. + + + + Query for endpoints registered on the local system for an RPC endpoint via ALPC. + + Interface UUID to lookup. + Interface version lookup. + The list of registered RPC endpoints. + + + + Query for endpoints registered on the local system for an RPC endpoint via ALPC. + + The server interface. + The list of registered RPC endpoints. + + + + Query for endpoints for a RPC binding. + + The ALPC port to query. Can be a full path as long as it contains \RPC Control\ somewhere. + True to throw on error. + The list of endpoints on the RPC binding. + + + + Query for endpoints for a RPC binding. + + The ALPC port to query. Can be a full path as long as it contains \RPC Control\ somewhere. + The list of endpoints on the RPC binding. + + + + Query for endpoints for a RPC binding. + + The RPC binding to query, e.g. ncalrpc:[PORT] + True to throw on error. + The list of endpoints on the RPC binding. + + + + Query for endpoints for a RPC binding. + + The RPC binding to query, e.g. ncalrpc:[PORT] + The list of endpoints on the RPC binding. + + + + Resolve the local binding string for this service from the local Endpoint Mapper and return the endpoint. + + The protocol sequence to lookup. + Interface UUID to lookup. + Interface version lookup. + The mapped endpoint. + This only will return a valid value if the service is running and registered with the Endpoint Mapper. It can also hang. + + + + Resolve the local binding string for this service from the local Endpoint Mapper and return the endpoint. + + The protocol sequence to lookup. + The network address for the lookup. + Interface UUID to lookup. + Interface version lookup. + The mapped endpoint. + This only will return a valid value if the service is running and registered with the Endpoint Mapper. It can also hang. + + + + Resolve the local binding string for this service from the local Endpoint Mapper and return the endpoint. + + The string binding to map. + Interface UUID to lookup. + Interface version lookup. + The mapped endpoint. + This only will return a valid value if the service is running and registered with the Endpoint Mapper. It can also hang. + + + + Resolve the local binding string for this service from the local Endpoint Mapper and return the ALPC port path. + + Interface UUID to lookup. + Interface version lookup. + The mapped endpoint. + This only will return a valid value if the service is running and registered with the Endpoint Mapper. It can also hang. + + + + Resolve the local binding string for this service from the local Endpoint Mapper and return the ALPC port path. + + The server interface. + The mapped endpoint. + This only will return a valid value if the service is running and registered with the Endpoint Mapper. It can also hang. + + + + Finds ALPC endpoints which allows for the server binding. This brute forces all ALPC ports to try and find + something which will accept the bind. + + This could hang if the ALPC port is owned by a suspended process. + Interface UUID to lookup. + Interface version lookup. + A list of RPC endpoints which can bind the interface. + Throws on error. + + + + Finds an ALPC endpoint which allows for the server binding. This brute forces all ALPC ports to try and find + something which will accept the bind. + + This could hang if the ALPC port is owned by a suspended process. + Interface UUID to lookup. + Interface version lookup. + The first RPC endpoints which can bind the interface. Throws exception if nothing found. + Throws on error. + + + + Resolve the binding string for this service from the Endpoint Mapper. + + The binding string to map. + Interface UUID to lookup. + Interface version lookup. + This only will return a valid value if the service is running and registered with the Endpoint Mapper. It can also hang. + The RPC binding string. Empty string if it doesn't exist or the lookup failed. + + + + Resolve the binding string for this service from the the Endpoint Mapper. + + The protocol sequence to lookup. + The network address to lookup the endpoint. + Interface UUID to lookup. + Interface version lookup. + This only will return a valid value if the service is running and registered with the Endpoint Mapper. It can also hang. + The RPC binding string. Empty string if it doesn't exist or the lookup failed. + + + + Resolve the binding string for this service from the local Endpoint Mapper. + + The protocol sequence to lookup. + Interface UUID to lookup. + Interface version lookup. + This only will return a valid value if the service is running and registered with the Endpoint Mapper. It can also hang. + The RPC binding string. Empty string if it doesn't exist or the lookup failed. + + + + A class to represent an RPC server. + + + + + Resolve the current running endpoint for this server. + + + + + + Format the RPC server as text. + + The formatted RPC server. + + + + Format the RPC server as text. + + True to remove comments from the output. + The formatted RPC server. + + + + Format the RPC server as text. + + True to remove comments from the output. + Formating using C++ pseduo syntax. + The formatted RPC server. + + + + Serialize the RPC server to a stream. + + The stream to hold the serialized server. + Only use the output of this method with the Deserialize method. No guarantees of compatibility is made between + versions of the library or the specific format used. + + + + Serialize the RPC server to a byte array. + + The serialized data. + Only use the output of this method with the Deserialize method. No guarantees of compatibility is made between + versions of the library or the specific format used. + + + + The RPC server interface UUID. + + + + + The RPC server interface version. + + + + + The RPC transfer syntax GUID. + + + + + The RPC transfer syntax version. + + + + + The number of RPC procedures. + + + + + The list of RPC procedures. + + + + + The NDR RPC server. + + + + + List of parsed complext types. + + + + + Path to the PE file this server came from (if known) + + + + + Name of the the PE file this server came from (if known) + + + + + Offset into the PE file this server was parsed from. + + + + + Name of the service this server would run in (if known). + + + + + Display name of the service this server would run in (if known). + + + + + True if the service is currently running. + + + + + List of endpoints for this service if running. + + + + + Count of endpoints for this service if running. + + + + + This parsed interface represents a client. + + + + + Parse all RPC servers from a PE file. + + The PE file to parse. + Path to a DBGHELP DLL to resolve symbols. + Symbol path for DBGHELP + This only works for PE files with the same bitness as the current process. + A list of parsed RPC server. + + + + Parse all RPC servers from a PE file. + + The PE file to parse. + Path to a DBGHELP DLL to resolve symbols. + Symbol path for DBGHELP + True to parse client RPC interfaces. + This only works for PE files with the same bitness as the current process. + A list of parsed RPC server. + + + + Parse all RPC servers from a PE file. + + The PE file to parse. + Path to a DBGHELP DLL to resolve symbols. + Symbol path for DBGHELP + True to parse client RPC interfaces. + Ignore symbol resolving. + This only works for PE files with the same bitness as the current process. + A list of parsed RPC server. + + + + Parse all RPC servers from a PE file. + + The PE file to parse. + Path to a DBGHELP DLL to resolve symbols. + Symbol path for DBGHELP + Flags for the RPC parser. + This only works for PE files with the same bitness as the current process. + A list of parsed RPC server. + + + + Deserialize an RPC server instance from a stream. + + The stream to deserialize from. + The RPC server instance. + The data used by this method should only use the output from serialize. No guarantees of compatibility is made between + versions of the library or the specific format used. + + + + Deserialize an RPC server instance from a byte array. + + The byte array to deserialize from. + The RPC server instance. + The data used by this method should only use the output from serialize. No guarantees of compatibility is made between + versions of the library or the specific format used. + + + + Get the default RPC server security descriptor. + + The default security descriptor. + + + + Flags for the RPC server parser. + + + + + None. + + + + + Parse client entries. + + + + + Ignore symbols when parsing. + + + + + Try and resolve structure names. Needs private symbols. + + + + + Enable a symbol server fallback. If the copy of dbghelp doesn't have a symsrv.dll + then download from a public symbol URL to a local cache directory during symbol + resolving. + + + + + Base class for a RPC client. + + + + + Constructor. + + The interface ID. + Version of the interface. + + + + Constructor. + + The interface ID as a string. + Major version of the interface. + Minor version of the interface. + + + + Send and receive an RPC message. + + The procedure number. + The NDR data representation. + Marshal NDR buffer for the call. + List of handles marshaled into the buffer. + Unmarshal NDR buffer for the result. + + + + Method to call to check if the transport supports synchronous pipes. + + + + + Method to call to check if the transport supports asynchronous pipes. + + + + + Get whether the client is connected or not. + + + + + Get the endpoint that we connected to. + + + + + Get the protocol sequence that we connected to. + + + + + Get or set the current Object UUID used for calls. + + + + + The RPC interface ID. + + + + + The RPC interface version. + + + + + Get the client transport object. + + + + + Connect the client to a RPC endpoint. + + The endpoint for RPC server. + The transport security for the connection. + + + + Connect the client to a RPC endpoint. + + The endpoint for RPC server. + The security quality of service for the connection. + + + + Connect the client to a RPC endpoint. + + The protocol sequence for the transport. + The endpoint for the protocol sequence. + The network address for the protocol sequence. + The security quality of service for the connection. + + + + Connect the client to a RPC endpoint. + + The protocol sequence for the transport. + The endpoint for the protocol sequence. + The network address for the protocol sequence. + The transport security for the connection. + + + + Connect the client to a RPC endpoint. + + The protocol sequence for the transport. + The endpoint for the protocol sequence. + The security quality of service for the connection. + + + + Connect the client to a RPC endpoint. + + The protocol sequence for the transport. + The endpoint for the protocol sequence. + The transport security for the connection. + + + + Connect the client to an ALPC RPC port. + + The path to the ALPC RPC port. + The security quality of service for the port. + + + + Connect the client to a RPC endpoint. + + The binding string for the RPC server. + The transport security for the connection. + + + + Connect the client to an ALPC RPC port. + + The path to the ALPC RPC port. If an empty string the endpoint will be looked up in the endpoint mapper. + + + + Connect the client to an ALPC RPC port. + + The ALPC endpoint will be looked up in the endpoint mapper. + + + + Dispose of the client. + + + + + Disconnect the client. + + + + + Builder to create an RPC client from an RpcServer class. + + + + + Build a source file for the RPC client. + + The RPC server to base the client on. + Additional builder arguments. + The code generation options, can be null. + The code dom provider, such as CSharpDomProvider + The source code file. + + + + Build a C# source file for the RPC client. + + The RPC server to base the client on. + Additional builder arguments. + The C# source code file. + + + + Build a C# source file for the RPC client. + + The RPC server to base the client on. + The C# source code file. + + + + Build a source file for RPC complex types. + + The RPC complex types to build the encoders from. + Name of the decoder class. Can be null or empty to use default. + Name of the encoder class. Can be null or empty to use default. + Name of the generated namespace. Null or empty specified no namespace. + The code generation options, can be null. + The code dom provider, such as CSharpDomProvider + True to wrap complex decoders in a unique pointer. + The source code file. + + + + Build a source file for RPC complex types. + + The RPC complex types to build the encoders from. + Name of the decoder class. Can be null or empty to use default. + Name of the encoder class. Can be null or empty to use default. + Name of the generated namespace. Null or empty specified no namespace. + The code generation options, can be null. + The code dom provider, such as CSharpDomProvider + The source code file. + + + + Build a source file for RPC complex types. + + The RPC complex types to build the encoders from. + Name of the decoder class. Can be null or empty to use default. + Name of the encoder class. Can be null or empty to use default. + Name of the generated namespace. Null or empty specified no namespace. + True to wrap complex decoders in a unique pointer. + The source code file. + + + + Build a source file for RPC complex types. + + The RPC complex types to build the encoders from. + Name of the decoder class. Can be null or empty to use default. + Name of the encoder class. Can be null or empty to use default. + Name of the generated namespace. Null or empty specified no namespace. + The source code file. + + + + Build a source file for RPC complex types. + + The RPC complex types to build the encoders from. + The C# source code file. + + + + Compile an in-memory assembly for the RPC client. + + The RPC server to base the client on. + Additional builder arguments. + True to ignore cached assemblies. + Code DOM provider to compile the assembly. + The compiled assembly. + This method will cache the results of the compilation against the RpcServer. + + + + Compile an in-memory assembly for the RPC client. + + The RPC server to base the client on. + Additional builder arguments. + True to ignore cached assemblies. + The compiled assembly. + This method will cache the results of the compilation against the RpcServer. + + + + Compile an in-memory assembly for the RPC client. + + The RPC server to base the client on. + Additional builder arguments. + The compiled assembly. + This method will cache the results of the compilation against the RpcServer. + + + + Compile an in-memory assembly for the RPC client. + + The RPC server to base the client on. + True to ignore cached assemblies. + The compiled assembly. + This method will cache the results of the compilation against the RpcServer. + + + + Compile an in-memory assembly for the RPC client. + + The RPC server to base the client on. + The compiled assembly. + This method will cache the results of the compilation against the RpcServer. + + + + Create an instance of an RPC client. + + The RPC server to base the client on. + True to ignore cached assemblies. + Additional builder arguments. + Code DOM provider to compile the assembly. + The created RPC client. + This method will cache the results of the compilation against the RpcServer. + + + + Create an instance of an RPC client. + + The RPC server to base the client on. + True to ignore cached assemblies. + Additional builder arguments. + The created RPC client. + This method will cache the results of the compilation against the RpcServer. + + + + Create an instance of an RPC client. + + The RPC server to base the client on. + Additional builder arguments. + The created RPC client. + This method will cache the results of the compilation against the RpcServer. + + + + Create an instance of an RPC client. + + The RPC server to base the client on. + The created RPC client. + This method will cache the results of the compilation against the RpcServer. + + + + Flags for the RPC client builder. + + + + + None. + + + + + Generate public properties on the client to create defined complex types. + + If not specified then constructors will be defined on the types themselves. + + + + Insert breakpoints into the start of every generated method. Also enables debugging. + + + + + Disable calculated correlation information. This will prevent automatic updating of array and + string lengths based on other parameters or fields. This might result in unexpected behavior or + call failures. This won't disable correlations for union types or constant correlations. + + + + + Don't emit any namespace, normally not specifying a namespace will auto-generate one. + + + + + Output FC_CHAR as if the original compiler had specified unsigned char types. Basically converts + System.SByte to System.Byte where needed which makes the methods easier to use. + + + + + Return ref/out parameters via a structure rather than requiring ref/out parameters in client + methods. + + + + + When using StructureReturn hide the original out/ref methods. + + + + + Generate encode/decode methods for complex types. + + + + + Exclude any text in the source code which can change between generations. + + + + + Wrap complex type decoders with a unique pointer. + + + + + Marshal pipe parameters using arrays. + + + + + Arguments for the RPC client builder. + + + + + Builder flags. + + + + + The namespace for the client class. + + + + + The class name of the client. + + + + + The class name of the complex type encoding class. + + + + + The class name of the complex type decoder class. + + + + + Enable debugging on built code. + + + + + GetHashCode implementation. + + The hash code. + + + + Equals implementation. + + The object to compare against. + True if the object is equal. + + + + Response data from an RPC client call. + + + + + The marshaled NDR data from the response. + + + + + Any object handles returned in the response. (only for ALPC). + + + + + Indicates the NDR data representation for the response. + + + + + Class to represent details about a server process. + + + + + The server process ID. + + + + + The server session ID. + + + + + The name of the process. + + + + + Get the process image path. + + + + + Overridden ToString method. + + + + + + Some addition internal utilities for RPC code. + + + + + Specify RPC trace level. + + Specify the RPC trace level. + This dumps NDR data. Verbose dumps the binary data. + + + + Specify RPC transport trace level. + + Specify the RPC transport trace level. + Verbose dumps the transport binary data. + + + + Helper to dereference a type. + + The type to dereference. + The value to dereference. + The dereferenced result. + + + + Helper to dereference a type. + + The type to dereference. + The value to dereference. + The dereferenced result. + + + + Helper to check for NULL. + + The type to check. + The object to check. + The name of the value to check. + The checked value. + + + + Helper to check for NULL. + + The type to check. + The object to check. + The name of the value to check. + The checked value. + + + + Helper to check for NULL. + + The type to check. + The object to check. + The name of the value to check. + The checked value. + + + + Helper to dereference a type. + + The type to dereference. + The value to dereference. + The dereferenced result. + + + + Helper to perform a plus unary operation. + + The value to apply the operator to. + The result. + + + + Helper to perform a minus unary operation. + + The value to apply the operator to. + The result. + + + + Helper to perform a complement unary operation. + + The value to apply the operator to. + The result. + + + + Perform a ternary operation. + + The condition to evaluate as != 0. + The result if true. + The result if false. + The result. + + + + Perform ADD. + + The left operand. + The right operand. + The result. + + + + Perform SUB. + + The left operand. + The right operand. + The result. + + + + Perform MUL. + + The left operand. + The right operand. + The result. + + + + Perform DIV. + + The left operand. + The right operand. + The result. + + + + Perform MOD. + + The left operand. + The right operand. + The result. + + + + Perform Bitwise AND. + + The left operand. + The right operand. + The result. + + + + Perform Bitwise OR. + + The left operand. + The right operand. + The result. + + + + Perform bitwise XOR. Needed as Code DOM doesn't support XOR. + + The left operand. + The right operand. + The result. + + + + Perform bitwise LEFTSHIFT. + + The left operand. + The right operand. + The result. + + + + Perform bitwise RIGHTSHIFT. + + The left operand. + The right operand. + The result. + + + + Perform logical AND. + + The left operand. + The right operand. + The result. + + + + Perform logical OR. + + The left operand. + The right operand. + The result. + + + + Perform EQUAL. + + The left operand. + The right operand. + The result. + + + + Perform NOTEQUAL. + + The left operand. + The right operand. + The result. + + + + Perform GREATER. + + The left operand. + The right operand. + The result. + + + + Perform GREATEREQUAL. + + The left operand. + The right operand. + The result. + + + + Perform LESS. + + The left operand. + The right operand. + The result. + + + + Perform LESSEQUAL. + + The left operand. + The right operand. + Returns left LESSEQUAL right. + + + + Convert value to a boolean. + + The value + True if value != 0. + + + + Convert value to a boolean. + + The value + True if value != 0. + + + + Convert value to a boolean. + + The value + True if value != 0. + + + + Convert value to a boolean. + + The value + True if value != 0. + + + + Convert value to a boolean. + + The value + True if value != 0. + + + + Convert value to a boolean. + + The value + True if value != 0. + + + + Convert value to a boolean. + + The value + True if value != 0. + + + + Convert value to a boolean. + + The value + True if value != 0. + + + + Convert value to a boolean. + + The value + True if value != 0. + + + + Convert value to a boolean. + + The nullable value + True if value has a value set. + + + + Convert value to a boolean. + + The nullable value + True if value has a value set. + + + + Compose a string binding from its parts. + + The object UUID. + The protocol sequence. + The network address. + The endpoint. + The options. + The composed binding string. + + + + Interface to implement an RPC client transport. + + + + + Bind the RPC transport to a specified interface. + + The interface ID to bind to. + The interface version to bind to. + The transfer syntax to use. + The transfer syntax version to use. + + + + Send and receive an RPC message. + + The procedure number. + The object UUID for the call. + NDR data representation. + Marshal NDR buffer for the call. + List of handles marshaled into the buffer. + Client response from the send. + + + + Add and authenticate a new security context. + + The transport security for the context. + The created security context. + + + + Disconnect the transport. + + + + + Get whether the client is connected or not. + + + + + Get the endpoint the client is connected to. + + + + + Get the transport protocol sequence. + + + + + Get whether the client has been authenticated. + + + + + Get the transport's authentication type. + + + + + Get the transport's authentication level. + + + + + Get information about the local server process, if known. + + + + + Get the current Call ID. + + + + + Indicates if this connection supported multiple security context. + + + + + Get the list of negotiated security context. + + + + + Get or set the current security context. + + + + + Get whether the transport supports synchronous pipes. + + + + + RPC client transport over ALPC. + + + + + Constructor. + + The path to connect. The format depends on the transport. + The security quality of service for the connection. + + + + Constructor. + + The path to connect. The format depends on the transport. + The security quality of service for the connection. + Timeout for connection. + + + + Bind the RPC transport to an interface. + + The interface ID to bind to. + The interface version to bind to. + The transfer syntax to use. + The transfer syntax version to use. + + + + Send and receive an RPC message. + + The procedure number. + The object UUID for the call. + NDR data representation. + Marshal NDR buffer for the call. + List of handles marshaled into the buffer. + Client response from the send. + + + + Dispose of the client. + + + + + Disconnect the client. + + + + + Add and authenticate a new security context. + + The transport security for the context. + The created security context. + + + + Get whether the client is connected or not. + + + + + Get the ALPC port path that we connected to. + + + + + Get the current Call ID. + + + + + Get the transport protocol sequence. + + + + + Get information about the local server process, if known. + + + + + Get whether the client has been authenticated. + + + + + Get the transports authentication type. + + + + + Get the transports authentication level. + + + + + Indicates if this connection supported multiple security context. + + + + + Get the list of negotiated security context. + + + + + Get or set the current security context. + + + + + Get whether the transport supports synchronous pipes. + + + + + Flags to specify RPC authentication capabilities. + + + + + None. + + + + + Enable mutual authentication. + + + + + Enable a NULL session authentication. + + + + + Enable delegation of credentials if supported. + + + + + Authentication level for RPC transport. + + + + + Default. + + + + + None. + + + + + Connect only. + + + + + Call only. + + + + + Packet only. + + + + + Packet integrity. + + + + + Packer privacy and integrity. + + + + + RPC authentication type. + + + + + Default. Uses WinNT. + + + + + No authentication. + + + + + DCE private. + + + + + DCE public. + + + + + DEC public. + + + + + SPNEGO authentication. + + + + + WinNT authentication, i.e. NTLM. + + + + + Secure channel. + + + + + Kerberos. + + + + + DPA. + + + + + MSN. + + + + + Digest. + + + + + Kernel. + + + + + SPNEGO extender. + + + + + PKU2U + + + + + LiveSSP + + + + + LiveXP SSP. + + + + + CloudAP. + + + + + Netlogon. + + + + + MS Online. + + + + + Message Queue. + + + + + Interface to implement an RPC client transport factory. + + + + + Connect a new RPC client transport. + + The RPC endpoint. + The transport security for the connection. + The connected transport. + + + + Factory for RPC client transports. + + + + + Add a new transport factory. + + The protocol sequence to add. + The transport factory. + + + + Connect a client transport from an endpoint. + + The RPC endpoint. + The security quality of service for the connection. + The connected client transport. + Thrown if protocol sequence unsupported. + Other exceptions depending on the connection. + + + + Connect a client transport from an endpoint. + + The RPC endpoint. + The transport security for the connection. + The connected client transport. + Thrown if protocol sequence unsupported. + Other exceptions depending on the connection. + + + + Base class for a DCE/RPC connected client transport. This implements the common functions + of the DCE/RPC specs for connected network based RPC transports. + + + + + Constructor. + + The initial maximum receive fragment length. + The initial maximum send fragment length. + The transport security for the connection. + The data representation. + + + + Read the next fragment from the transport. + + The maximum receive fragment length. + The read fragment. + + + + Write the fragment to the transport. + + The fragment to write. + True if successfully wrote the fragment. + + + + Get whether the client is connected or not. + + + + + Get the endpoint the client is connected to. + + + + + Get the transport protocol sequence. + + + + + Get information about the server process, if known. + + + + + Get whether the client has been authenticated. + + + + + Get the transports authentication type. + + + + + Get the transports authentication level. + + + + + Get the transport authentication context. + + + + + Indicates if this connection supported multiple security context. + + + + + Get the list of negotiated security context. + + + + + Get or set the current security context. + + + + + Get the current Call ID. + + + + + Get maximum receive fragment. + + + + + Get maximum send fragment. + + + + + Get association group ID. + + + + + Get whether the transport supports synchronous pipes. + + + + + Bind the RPC transport to a specified interface. + + The interface ID to bind to. + The interface version to bind to. + The transfer syntax to use. + The transfer syntax version to use. + + + + Add and authenticate a new security context. + + The transport security for the context. + The created security context. + + + + Send and receive an RPC message. + + The procedure number. + The object UUID for the call. + NDR data representation. + Marshal NDR buffer for the call. + List of handles marshaled into the buffer. + Client response from the send. + + + + Disconnect the transport. + + + + + Enable or disable bind time feature negotiation. You need to enable this to + use multiple security context. + + Should be set before connecting an RPC client. + + + + Dispose the transport. + + + + + Extended error information. + + + + + Computer name. + + + + + Process ID. + + + + + Timestamp. + + + + + Generating component. + + + + + Status code. + + + + + Detection location. + + + + + Flags. + + + + + Extra parameters. + + + + + Exception for RPC fault conditions. + + + + + Constructor. + + The RPC status code. + + + + Get extended error information. + + + + + RPC client transport over HyperV sockets. + + + + + Constructor. + + The HyperV socket endpoint to connect to. + The transport security for the connection. + + + + Get the transport protocol sequence. + + + + + RPC client transport over named pipes. + + + + + Constructor. + + The NT pipe path to connect. e.g. \??\pipe\ABC. + The transport security for the connection. + + + + Dispose of the client. + + + + + Disconnect the client. + + + + + Read the next fragment from the transport. + + The maximum receive fragment length. + The read fragment. + + + + Write the fragment to the transport. + + The fragment to write. + True if successfully wrote the fragment. + + + + Get whether the client is connected or not. + + + + + Get the named pipe port path that we connected to. + + + + + Get the transport protocol sequence. + + + + + Get information about the local server process, if known. + + + + + Class to implement a RPC client transport based on a stream. + + + + + Constructor. + + The stream to use to communicate with the transport. + The initial maximum receive fragment length. + The initial maximum send fragment length. + The transport security for the connection. + The data representation. + + + + Read the next fragment from the transport. + + The maximum receive fragment length. + The read fragment. + + + + Write the fragment to the transport. + + The fragment to write. + True if successfully wrote the fragment. + + + + Class to implement RPC over a stream based socket. + + + + + Constructor. + + The socket to use to communicate. + The initial maximum receive fragment length. + The initial maximum send fragment length. + The transport security for the connection. + The data representation. + + + + Disconnect the client. + + + + + Dispose of the client. + + + + + Get whether the client is connected or not. + + + + + Get the named pipe port path that we connected to. + + + + + RPC client transport over TCP/IP; + + + + + Get the server process information. + + The server process information. + + + + Constructor. + + The hostname to connect to. + The TCP port to connect to. + The transport security for the connection. + + + + Get the transport protocol sequence. + + + + + Get information about the local server process, if known. + + + + + Exception generated by the RPC transport. + + + + + Constructor. + + + + + Constructor. + + Exception message. + + + + Constructor. + + Exception message. + Inner exception. + + + + Class to represent the RPC transport security. + + + + + Security quality of service. + + + + + Authentication level. + + + + + Authentication type. + + + + + Authentication credentials. + + + + + The SPN for the authentication. + + + + + Authentication capabilities. + + + + + Constructor. + + Factory to create a non-standard authentication context. + You can use this version to create a mechanism to pass existing tokens such as pass-the-hash or sending arbitrary Kerberos tickets. + + + + Constructor. + + Security quality of service. + + + + Query the service principal name for the server. + + The binding string for the server. + The authentication service to query. + True to throw on error. + The service principal name. + + + + Query the service principal name for the server. + + The binding string for the server. + The authentication service to query. + The service principal name. + + + + Class to represent an RPC transport security context. + + + + + The ID of the security context. + + + + + The RPC transport security settings. + + + + + The authentication context. + + + + + The negotiated authentication type. + + + + + The authentication level. + + + + + Dummy class to mark the old name as obsolete. + + + + + Detaches the current buffer and allocates a new one. + + The detached buffer. + The original buffer will become invalid after this call. + + + + Safe handle for a loaded library. + + + + + Constructor + + The handle to the library + True if the handle is owned by this object. + + + + Release handle. + + True if handle released. + + + + Get the address of an exported function, throw if the function doesn't exist. + + The name of the exported function. + True to throw on error. + Pointer to the exported function. + Thrown if the name doesn't exist. + + + + Get the address of an exported function from an ordinal. + + The ordinal of the exported function. + True to throw on error. + Pointer to the exported function. + Thrown if the ordinal doesn't exist. + + + + Get the address of an exported function. + + The name of the exported function. + Pointer to the exported function, or IntPtr.Zero if it can't be found. + + + + Get the address of an exported function from an ordinal. + + The ordinal of the exported function. + Pointer to the exported function, or IntPtr.Zero if it can't be found. + + + + Get a delegate which points to an unmanaged function. + + The delegate type. + The name of the function to lookup. + True to throw on error. + The delegate. + + + + Get a delegate which points to an unmanaged function. + + The delegate type. The name of the delegate is used to lookup the name of the function. + True to throw on error. + The delegate. + + + + Get a delegate which points to an unmanaged function. + + The delegate type. + The name of the function to lookup. + The delegate. + + + + Get a delegate which points to an unmanaged function. + + The delegate type. The name of the delegate is used to lookup the name of the function. + The delegate. + + + + Pin the library into memory. This prevents FreeLibrary unloading the library until + the process exits. + + + + + Parse a library's delayed import information. + + A dictionary containing the location of import information keyed against the IAT address. + + + + Get the image sections from a loaded library. + + The list of image sections. + + + + Load the resource's bytes from the module. + + The name of the resource. + The type of the resource. + True to throw on error. + The bytes for the resource. + + + + Load the resource's bytes from the module. + + The name of the resource. + The type name of the resource. + True to throw on error. + The bytes for the resource. + + + + Load the resource's bytes from the module. + + The name of the resource. + The well known type of the resource. + True to throw on error. + The bytes for the resource. + + + + Load the resource's bytes from the module. + + The name of the resource. + The type of the resource. + The bytes for the resource. + + + + Load the resource's bytes from the module. + + The name of the resource. + The type name of the resource. + The bytes for the resource. + + + + Load the resource's bytes from the module. + + The name of the resource. + The well known type of the resource. + The bytes for the resource. + + + + Load the resource's bytes from the module. + + The name of the resource. + The type of the resource. + True to throw on error. + The bytes for the resource. + + + + Load the resource's bytes from the module. + + The name of the resource. + The type name of the resource. + True to throw on error. + The bytes for the resource. + + + + Load the resource's bytes from the module. + + The name of the resource. + The well known type of the resource. + True to throw on error. + The bytes for the resource. + + + + Load the resource's bytes from the module. + + The name of the resource. + The type of the resource. + The bytes for the resource. + + + + Load the resource's bytes from the module. + + The name of the resource. + The type name of the resource. + The bytes for the resource. + + + + Load the resource's bytes from the module. + + The name of the resource. + The well known type of the resource. + The bytes for the resource. + + + + Get list of resource types from the loaded library. + + The list of resource types. + + + + Get list of resource types from the loaded library. + + The type for the resources. + True to load the resource data. + The list of resource types. + + + + Get list of resource types from the loaded library. + + The type for the resources. + The list of resource types. + This always loads resource data into memory. + + + + Get list of resource types from the loaded library. + + The typename for the resources. + True to load the resource data. + The list of resource types. + + + + Get list of resource types from the loaded library. + + The typename for the resources. + The list of resource types. + This always loads resource data into memory. + + + + Get list of resource types from the loaded library. + + The well known type for the resources. + True to load the resource data. + The list of resource types. + + + + Get list of resource types from the loaded library. + + The well known type for the resources. + The list of resource types. + This always loads resource data into memory. + + + + Get list of resource types from the loaded library. + + True to load the resource data. + The list of resource types. + + + + Get list of resource types from the loaded library. + + The list of resource types. + This always loads resource data into memory. + + + + Load a string for the library's string resource table. + + The ID of the string. + True to throw on error. + The loaded string. + + + + Load a string for the library's string resource table. + + The ID of the string. + The loaded string. + + + + Increases the reference count and returns a new instance. + + + + + + Get path to loaded module. + + + + + Get the module name. + + + + + Whether this library is mapped as an image. + + + + + Whether this library is mapped as a datafile. + + + + + Get current mapped image base. + + + + + Get original image base address. + + + + + Get image entry point RVA. + + + + + Get image entry point address as mapped. + + + + + Get whether the image is 64 bit or not. + + + + + Get the image's DLL characteristics flags. + + + + + Get exports from the DLL. + + + + + Get imports from the DLL. + + + + + Return resolved API set imports for the DLL. + + + + + Get CodeView Debug Data from DLL. + + + + + Get image signing level. + + + + + Get embedded enclave configuration. + + + + + Load a library into memory. + + The path to the library. + Additonal flags to pass to LoadLibraryEx + True to throw on error. + Handle to the loaded library. + + + + Load a library into memory. + + The path to the library. + Additonal flags to pass to LoadLibraryEx + Handle to the loaded library. + + + + Load a library into memory. + + The path to the library. + Handle to the loaded library. + + + + Get the handle to an existing loading library by name. + + The name of the module. + The handle to the loaded library. + Thrown if the module can't be found. + This will take a reference on the library, you should dispose the handle after use. + + + + Get the handle to an existing loading library by name. + + The name of the module. + The handle to the loaded library. Returns Null if not found. + This will take a reference on the library, you should dispose the handle after use. + + + + Get the handle to an existing loading library by an address in the module. + + An address inside the module. + The handle to the loaded library, null if the address isn't inside a valid module. + This will take a reference on the library, you should dispose the handle after use. + + + + Pin the library into memory. This prevents FreeLibrary unloading the library until + the process exits. + + The name of the module to pin. + + + + Pin the library into memory. This prevents FreeLibrary unloading the library until + the process exits. + + The address of the module to pin. + + + + NULL load library handle. + + + + + Represents an impersonation safe win32 exception, which resolves the win32 message when Message is called. + + + + + Constructor. + + + + + Constructor. + + Win32 error. + + + + The message for the exception. + + + + + Access rights for system audit policy. + + + + + System Audit Category. + + + + + System Audit Category. + + + + + The user for the per-user category. + + + + + System Audit Category base class. + + + + + The ID of the category. + + + + + The name of the category. + + + + + List of sub categories. + + + + + Convert to string. + + The name of the category. + + + + Set audit policy on all sub categories. + + The flags to set. + True to throw on error. + The audit policy flags. + + + + Set audit policy on all sub categories. + + The flags to set. + The audit policy flags. + + + + Type of global SACL to query or set. + + + + + File type. + + + + + Key type. + + + + + Policy audit event type. + + + + + Audit policy flags. + + + + + Set unchanged. + + + + + Audit on success. + + + + + Audit on failure. + + + + + Audit nothing. + + + + + Per user policy flags. + + + + + Set unchanged. + + + + + Audit on success included. + + + + + Audit on success excluded. + + + + + Audit on failure included. + + + + + Audit on failure excluded. + + + + + Audit nothing. + + + + + Utilities for security auditing policy. + + + + + Name for the fake Audit NT type. + + + + + Get the generic mapping for directory services. + + The directory services generic mapping. + + + + Get a fake NtType for System Audit Policy. + + The fake Directory Services NtType + + + + Query the Auditing Security Descriptor. + + The security information to query. + True to throw on error. + The security descriptor. + + + + Query the Auditing Security Descriptor. + + The security information to query. + The security descriptor. + + + + Query the Auditing Security Descriptor. + + The security descriptor. + + + + Set the Auditing Security Descriptor. + + The security information to set. + The security descriptor to set. + True to throw on error. + The NT status code. + + + + Set the Auditing Security Descriptor. + + The security information to set. + The security descriptor to set. + The NT status code. + + + + Query the global SACL. + + The global SACL type. + True to throw on error. + The global SACL in a Security Descriptor. + + + + Query the global SACL. + + The global SACL type. + The global SACL in a Security Descriptor. + + + + Set the global SACL. + + The global SACL type. + The SACL to set in an Security Descriptor. + True to throw on error. + The NT status code. + + + + Set the global SACL. + + The global SACL type. + The SACL to set in an Security Descriptor. + The NT status code. + + + + Get list of Audit Policy categories. + + True to throw on error. + The list of categories. + + + + Get list of Audit Policy categories. + + The list of categories. + + + + Get a single category. + + The category type. + The audit category. + + + + Get a single category. + + The category GUID. + The audit category. + + + + Get all per-user categories for denied users. + + True to throw on error. + The list of per-user categories. + + + + Get all per-user categories for denied users. + + The list of per-user categories. + + + + Get list of per-user Audit Policy categories. + + The user SID to query. + True to throw on error. + The list of categories. + + + + Get list of per-user Audit Policy categories. + + The user SID to query. + The list of categories. + + + + Get a single per-user category. + + The user SID to query. + The category type. + The audit category. + + + + Get a single per-user category. + + The user SID to query. + The category GUID. + The audit category. + + + + Class representing an Audit Sub Category. + + + + + The category. + + + + + Class representing an Audit Sub Category. + + + + + The category. + + + + + The user for the per-user category. + + + + + Class representing an Audit Sub Category. Base class. + + Enum type for the Policy flags. + + + + The ID of the sub category. + + + + + The name of the sub category. + + + + + The Current Audit Policy + + + + + Convert to string. + + The name of the subcategory. + + + + Query audit policy. + + True to throw on error. + The audit policy flags. + + + + Set audit policy. + + The flags to set. + True to throw on error. + The audit policy flags. + + + + Set audit policy. + + The flags to set. + The audit policy flags. + + + + Authentication token constructed from ASN1. + + + + + Format the Authentication Token. + + The Formatted Token. + + + + Try and parse data into an ASN1 authentication token. + + The data to parse. + The ASN1 authentication token. + True if this is a token from a client. + The token count number. + True if parsed successfully. + + + + Base class for authentication credentials. + + + + + Security data representation. + + + + + Native representation. + + + + + Network representation. + + + + + Credital flags. + + + + + Inbound credentials. + + + + + Outbound credentials. + + + + + Both credentials direction. + + + + + Default. + + + + + Auto logon restricted. Don't use automatic credentials. + + + + + Only process policy. + + + + + Initialize context request flags. + + + + + Initialize context return flags. + + + + + Access context request flags. + + + + + Accept context return flags. + + + + + Security package capability flags. + + + + + Supports integrity on messages + + + + + Supports privacy (confidentiality) + + + + + Only security token needed + + + + + Datagram RPC support + + + + + Connection oriented RPC support + + + + + Full 3-leg required for re-auth. + + + + + Server side functionality not available + + + + + Supports extended error msgs + + + + + Supports impersonation + + + + + Accepts Win32 names + + + + + Supports stream semantics + + + + + Can be used by the negotiate package + + + + + GSS Compatibility Available + + + + + Supports common LsaLogonUser + + + + + Token Buffers are in ASCII + + + + + Package can fragment to fit + + + + + Package can perform mutual authentication + + + + + Package can delegate + + + + + Supports integrity readonly checksum buffers. + + + + + Package supports restricted callers + + + + + This package extends SPNEGO, there is at most one + + + + + This package is negotiated under the NegoExtender + + + + + This package receives all calls from appcontainer apps + + + + + this package receives calls from appcontainer apps + if the following checks succeed + 1. Caller has domain auth capability or + 2. Target is a proxy server or + 3. The caller has supplied creds + + + + + This package is running with Credential Guard enabled + + + + + this package supports reliable detection of loopback + 1.) The client and server see the same sequence of tokens + 2.) The server enforces a unique exchange for each + non-anonymous authentication. (Replay detection) + + + + + Impersonation context for a server authentication. + + + + + Base class which represents an authentication key. + + + + + An authentication package entry. + + + + + Authentication package name for MSV1.0 + + + + + Authentication package name for Kerberos. + + + + + Authentication package name for Negotiate. + + + + + Authentication package name for NTLM. + + + + + Authentication package name for Digest. + + + + + Authentication package name for SChannel. + + + + + Authentication package name for CredSSP. + + + + + Capabilities of the package. + + + + + Version of the package. + + + + + RPC DCE ID. + + + + + Max token size. + + + + + Name of the package. + + + + + Comment for the package. + + + + + Get authentication packages. + + The list of authentication packages. + + + + Get authentication package names. + + The list of authentication package names. + + + + Get an authentication package by name. + + The name of the package. + The authentication package. + + + + Base class to represent an authentication token. + + + + + Decrypt the Authentication Token using a keyset. + + The set of keys to decrypt the + The decrypted token, or the same token if nothing could be decrypted. + + + + Convert the authentication token to a byte array. + + The byte array. + + + + Get the length of the token in bytes. + + + + + Format the authentication token. + + The token as a formatted string. + + + + Constructor. + + The authentication token data. + + + + Parse a structured authentication token. + + The authentication context. + The token to parse. + The parsed authentication token. If can't parse any other format returns + a raw AuthenticationToken. + + + + Parse a structured authentication token. + + The package name to parse as. + True if the token is from a client. + The token to parse. + The parsed authentication token. If can't parse any other format returns + a raw AuthenticationToken. + + + + Class to represent a client authentication context. + + + + + The current authentication token. + + + + + Whether the authentication is done. + + + + + Current request attribute flags. + + + + + Current return attribute flags. + + + + + Current data representation. + + + + + Current target name. + + + + + Current channel binding. + + + + + Current status flags. + + + + + Expiry of the authentication. + + + + + Get the Session Key for this context. + + + + + Get the maximum signature size of this context. + + + + + Get the size of the security trailer for this context. + + + + + Size of any header when using a stream protocol such as Schannel. + + + + + Size of any trailer when using a stream protocol such as Schannel. + + + + + Number of buffers needed when using a stream protocol such as Schannel. + + + + + Maximum message size when using a stream protocol such as Schannel. + + + + + Preferred block size when using a stream protocol such as Schannel. + + + + + Get the local certificate. Only used for Schannel related authentication. + + + + + Get the remote certificate. Only used for Schannel related authentication. + + + + + Get the last token status for the client context. + + + + + Get the name of the authentication package. + + + + + Get connection information for the schannel connection. + + + + + Get whether the authentication context is for loopback. + + + + + Get or set whether the context owns the credentials object or not. If true + then the credentials are disposed with the context. + + + + + Constructor. + + Credential handle. + Request attribute flags. + Target SPN (optional). + Data representation. + Optional channel binding token. + Specify to default initialize the context. Must call Continue with an auth token to initialize. + + + + Constructor. + + Credential handle. + Request attribute flags. + Target SPN (optional). + Data representation. + Optional channel binding token. + + + + Constructor. + + Credential handle. + Request attribute flags. + Target SPN (optional). + Data representation. + + + + Constructor. + + Credential handle. + Request attribute flags. + Data representation. + + + + Constructor. + + Credential handle. + + + + Continue the authentication with the server token. + + The server token to continue authentication. + + + + Continue the authentication.. + + The server token to continue authentication. + Additional input buffers for the continue, does not need to include the token. + + + + Continue the authentication. + + The server token to continue authentication. + Additional input buffers for the continue, does not need to include the token. + Additional output buffers, does not need to include the token. + + + + Continue the authentication without any token. + + Input buffers for the continue. Does not contain a token. + Specify additional output buffers, does not need to include the token. + True to throw on error. + This sends the input buffers directly to the initialize call, it does not contain any token. + + + + Continue the authentication without any token. + + Input buffers for the continue. Does not contain a token. + Specify additional output buffers, does not need to include the token. + This sends the input buffers directly to the initialize call, it does not contain any token. + + + + Continue the authentication. Will not pass any buffers to the initialize call. + + + + + Make a signature for this context. + + The message buffers to sign. + The sequence number. + The signature blob. + + + + Make a signature for this context. + + The message to sign. + The sequence number. + The signature blob. + + + + Verify a signature for this context. + + The message to verify. + The signature blob for the message. + The sequence number. + True if the signature is valid, otherwise false. + + + + Verify a signature for this context. + + The messages to verify. + The signature blob for the message. + The sequence number. + True if the signature is valid, otherwise false. + + + + Encrypt a message for this context. + + The message to encrypt. + Quality of protection flags. + The encrypted message. + The sequence number. + + + + Encrypt a message for this context. + + The messages to encrypt. + Quality of protection flags. + The signature for the messages. + The messages are encrypted in place. You can add buffers with the ReadOnly flag to prevent them being encrypted. + The sequence number. + + + + Encrypt a message for this context with no specific signature. + + The messages to encrypt. + Quality of protection flags. + The sequence number. + The messages are encrypted in place. You can add buffers with the ReadOnly flag to prevent them being encrypted. + If you need to return a signature then it must be specified in a buffer. + + + + Decrypt a message for this context. + + The message to decrypt. + The sequence number. + The decrypted message. + + + + Decrypt a message for this context. + + The messages to decrypt. + The sequence number. + The signature for the messages. + The messages are decrypted in place. You can add buffers with the ReadOnly flag to prevent them being decrypted. + + + + Decrypt a message for this context. + + The messages to decrypt. + The sequence number. + The messages are decrypted in place. You can add buffers with the ReadOnly flag to prevent them being decrypted. + If you need to specify a signature you need to add a buffer. + + + + Query the context's package info. + + The authentication package info, + + + + Export and delete the current security context. + + The exported security context. + The security context will not longer be usable afterwards. + + + + Dispose the client context. + + + + + Finalizer. + + + + + Class to represent a credential handle. + + + + + Name of the authentication package used. + + + + + Expiry of the credentials. + + + + + Constructor. + + User principal. + The package name. + Optional authentication ID for the user. + Credential user flags. + Optional authentication data. + + + + Create a new credential handle. + + User principal. + The package name. + Optional authentication ID for the user. + Credential user flags. + Optional credentials. + The credential handle. + + + + Create a new credential handle. + + The package name. + Optional authentication ID for the user. + Credential user flags. + Optional credentials. + The credential handle. + + + + Create a new credential handle. + + The package name. + Credential user flags. + Optional credentials. + The credential handle. + + + + Create a new credential handle. + + The package name. + Credential user flags. + The credential handle. + + + + Dispose. + + + + + Finalizer. + + + + + Credentials for the CredSSP package. + + This is only needed if you must have both schannel and user credentials. Otherwise use UserCredentials or SchannelCredentials. + + + + Constructor. + + The credentials for the Schannel connection. + The credentials for the user. + + + + Constructor. + + The credentials for the user. + + + + Authentication token for a digest token. + + + + + The digest token as a string. + + + + + Format the authentication token. + + + + + + An encrypted message. + + + + + The encrypted message. + + + + + The signature for the message. + + + + + Constructor. + + The encrypted message. + The signature for the message. + + + + Class to represent an exported security context. + + + + + The name of the package for this security context. + + + + + The serialized context. + + + + + The context's token. + + + + + Dispose the exported context. + + + + + A class which represents an GSS-API Token. + + + + + Interface for authentication contexts. + + + + + The current authentication token. + + + + + Whether the authentication is done. + + + + + Expiry of the authentication. + + + + + Session key for the context. + + + + + Make a signature for this context. + + The message to sign. + The sequence number. + The signature blob. + + + + Verify a signature for this context. + + The message to verify. + The signature blob for the message. + The sequence number. + True if the signature is valid, otherwise false. + + + + Make a signature for this context. + + The message buffers to sign. + The sequence number. + The signature blob. + + + + Verify a signature for this context. + + The messages to verify. + The signature blob for the message. + The sequence number. + True if the signature is valid, otherwise false. + + + + Encrypt a message for this context. + + The message to encrypt. + Quality of protection flags. + The encrypted message. + The sequence number. + + + + Encrypt a message for this context. + + The messages to encrypt. + Quality of protection flags. + The signature for the messages. + The messages are encrypted in place. You can add buffers with the ReadOnly flag to prevent them being encrypted. + The sequence number. + + + + Encrypt a message for this context with no specific signature. + + The messages to encrypt. + Quality of protection flags. + The sequence number. + The messages are encrypted in place. You can add buffers with the ReadOnly flag to prevent them being encrypted. + If you need to return a signature then it must be specified in a buffer. + + + + Decrypt a message for this context. + + The message to decrypt. + The sequence number. + The decrypted message. + + + + Decrypt a message for this context. + + The messages to decrypt. + The signature for the messages. + The sequence number. + The messages are decrypted in place. You can add buffers with the ReadOnly flag to prevent them being decrypted. + + + + Decrypt a message for this context. + + The messages to decrypt. + The sequence number. + The messages are decrypted in place. You can add buffers with the ReadOnly flag to prevent them being decrypted. + If you need to specify a signature you need to add a buffer. + + + + Export and delete the current security context. + + The exported security context. + The security context will not longer be usable afterwards. + + + + Query the context's package info. + + The authentication package info, + + + + Get the name of the authentication package. + + + + + Continue the authentication with the token. + + The token to continue authentication. + + + + Continue the authentication.. + + The token to continue authentication. + Additional input buffers for the continue, does not need to include the token. + + + + Continue the authentication. + + The token to continue authentication. + Additional input buffers for the continue, does not need to include the token. + Specify additional output buffers, does not need to include the token. + + + + Continue the authentication. + + Additional input buffers for the continue. Does not contain a token. + Specify additional output buffers, does not need to include the token. + This sends the input buffers directly to the initialize call, it does not contain any token. + + + + Continue the authentication. Will not pass any buffers to the accept call. + + + + + Get the maximum signature size of this context. + + + + + Get the size of the security trailer for this context. + + + + + Interface for a client authentication context. + + + + + Get the last token status for the client context. + + + + + Placeholder interface for a server authentication context. + + + + + Utilities for building Kerberos structures. + + + + + Class to represent a Kerberos AP Reply. + + + + + Encrypted mutual authentication data. + + + + + Format the Authentication Token. + + The Formatted Token. + + + + Decrypt the Authentication Token using a keyset. + + The set of keys to decrypt the + The decrypted token, or the same token if nothing could be decrypted. + + + + Try and parse data into an ASN1 authentication token. + + The data to parse. + The Negotiate authentication token. + Parsed DER Values. + + + + Encrypted part for AP-REP messages. + + + + + Client uS. + + + + + Client time. + + + + + Subkey. + + + + + Sequence number. + + + + + Options for AP Request + + + + + None. + + + + + Use Session Key. + + + + + Mutual authentication required. + + + + + Class to represent a Kerberos AP Request. + + + + + AP Request Options. + + + + + The Kerberos Ticket. + + + + + Authenticator data. + + + + + Format the Authentication Token. + + The Formatted Token. + + + + Decrypt the Authentication Token using a keyset. + + The set of keys to decrypt the + The decrypted token, or the same token if nothing could be decrypted. + + + + Try and parse data into an ASN1 authentication token. + + The data to parse. + The Negotiate authentication token. + Parsed DER Values. + + + + A single kerberos key. + + + + + The Key encryption type. + + + + + The key. + + + + + The key name type. + + + + + The Realm for the key. + + + + + The name components for the key. + + + + + Principal name as a string. + + + + + Timestamp when key was created. + + + + + Key Version Number (KVNO). + + + + + Constructor. + + The Key encryption type. + The key. + The key name type. + The Realm for the key. + The name components for the key. + Timestamp when key was created. + Key Version Number (KVNO). + + + + Constructor. + + The Key encryption type. + The key. + The key name type. + The Realm for the key. + The name components for the key. + Timestamp when key was created. + Key Version Number (KVNO). + + + + Constructor. + + The Key encryption type. + The key. + The key name type. + Principal for key, in form TYPE/name@realm. + Timestamp when key was created. + Key Version Number (KVNO). + + + + Constructor. + + The Key encryption type. + The key as a hex string. + The key name type. + Principal for key, in form TYPE/name@realm. + Timestamp when key was created. + Key Version Number (KVNO). + + + + Derive a key from a password. + + Not all encryption types are supported. + The key encryption to use. + The password to derice from. + Iterations for the password derivation. + The key name type. + Principal for key, in form TYPE/name@realm. + Salt for the key. + Key Version Number (KVNO). + + + + + Authentication Token for Kerberos. + + + + + Protocol version. + + + + + Message type. + + + + + Parse bytes into a kerberos token. + + The kerberos token in bytes. + The Kerberos token. + + + + Try and parse data into an Kerberos authentication token. + + The data to parse. + The Kerberos authentication token. + True if this is a token from a client. + The token count number. + True if parsed successfully. + + + + Class to represent an unencrypted kerberos authenticator. + + + + + Authenticator version. + + + + + Client realm. + + + + + Client name. + + + + + Checksum value. + + + + + Client uS. + + + + + Client time. + + + + + Subkey. + + + + + Sequence number. + + + + + Authorization data. + + + + + Type of Authorization Data. + + + + + Class representing Kerberos authentication data. + + + + + Type of authentication data. + + + + + Data bytes. + + + + + Flags for the AD-AUTH-DATA-AP-OPTIONS authorization data. + + + + + Class to represent the AD-AUTH-DATA-AP-OPTIONS authorization data. + + + + + Flags for the AD-AUTH-DATA-AP-OPTIONS authorization data. + + + + + Class to represent AD_ETYPE_NEGOTIATION type. + + + + + List of supported encryption types. + + + + + Class to represent a KERB_LOCAL authorization data value. + + + + + The security context identifier for the KERB_LOCAL value. + + + + + Class to represent AD_WIN2K_PAC type. + + + + + List of PAC entries. + + + + + Source of a set of claims. + + + + + From Active Directory. + + + + + From a certificate. + + + + + A single claim set. + + + + + The source of the claims array. + + + + + The list of claim attributes. + + + + + Class representing a Claims Set in the PAC. + + + + + List of claims arrays. + + + + + Class to represent PAC Client Info. + + + + + Client ID. + + + + + Name of client. + + + + + Class to represent PAC Device Info. + + + + + Sid of the Device. + + + + + Primary group SID. + + + + + List of account groups. + + + + + List of extra SIDs. + + + + + List of domain groups. + + + + + Type for the PAC Entry. + + + + + Single PAC Entry. + + + + + Type of PAC entry. + + + + + The PAC data. + + + + + User account control flags. + + + + + User flags for kerberos authentication. + + + + + Class to represent PAC Logon Information. + + + + + Logon time. + + + + + Logoff time. + + + + + Kick off time. + + + + + Time password last set. + + + + + Time password can change. + + + + + Time password must change. + + + + + Effective name. + + + + + Full name. + + + + + Logon script path. + + + + + Profile path. + + + + + Home directory path. + + + + + Home directory drive. + + + + + Logon count. + + + + + Bad password count. + + + + + User SID. + + + + + Primary group SID. + + + + + Group list. + + + + + User flags. + + + + + User session key. + + + + + Logon server name. + + + + + Logon domain name. + + + + + Logon domain sid. + + + + + Extra SIDs. + + + + + User account control flags. + + + + + Resource domain group SID. + + + + + Resource groups. + + + + + Class to represent a PAC signature. + + + + + Signature type. + + + + + Signature. + + + + + Read-only Domain Controller Identifier. + + + + + Flags for the UPN_DNS_INFO. + + + + + No flags. + + + + + The user has no UPN. + + + + + Class to represent UPN_DNS_INFO. + + + + + Flags. + + + + + The User Principal Name. + + + + + The DNS Domain Name. + + + + + Flags for KerberosAuthorizationDataRestrictionEntry + + + + + Full UAC token. + + + + + Limited UAC token. + + + + + Class to represent the KERB_AD_RESTRICTION_ENTRY AD type. + + + + + Flags. + + + + + Token IL. + + + + + Machine ID. + + + + + Class to represent the AD-AUTH-DATA-TARGET-NAME authorization data. + + + + + The target name. + + + + + Class to represent a Kerberos Checksum. + + + + + Type of kerberos checksum. + + + + + The checksum value. + + + + + Flags for GSSAPI Checksum. + + + + + A kerberos checksum in GSS API Format. + + + + + Channel binding hash. + + + + + Flags for checksum. + + + + + Delegation option identifier. + + + + + KRB_CRED structure when in delegation. + + + + + Additional extension data. + + + + + Kerberos Checksum Type. + + + + + Class representing a KRB-CRED structure. + + + + + List of tickets in this credential. + + + + + Encrypted part contains sesssion keys etc. + + + + + Format the Authentication Token. + + The Formatted Token. + + + + Decrypt the Authentication Token using a keyset. + + The set of keys to decrypt the + The decrypted token, or the same token if nothing could be decrypted. + + + + Try and parse data into an ASN1 authentication token. + + The data to parse. + The Negotiate authentication token. + Parsed DER Values. + + + + Class to represent Kerberos Encrypted Data. + + + + + Encryption type for the CipherText. + + + + + Key version number. + + + + + Cipher Text. + + + + + Kerberos Encryption Type. + + + + + Class to represent a Kerberos Error. + + + + + Client time. + + + + + Client micro-seconds. + + + + + Server time. + + + + + Server micro-seconds. + + + + + Error code. + + + + + Client realm. + + + + + Client name. + + + + + Server realm. + + + + + Server name, + + + + + Error text. + + + + + Error data. + + + + + Format the Authentication Token. + + The Formatted Token. + + + + Create a new KRB-ERROR authentication token. + + Optional client time. + Server time. + Error code. + Optional client realm. + Optional client name. + Server realm + Server name. + Optional error text. + Optional error data. + The KRB-ERROR authentication token. + + + + Try and parse data into an ASN1 authentication token. + + The data to parse. + The Negotiate authentication token. + Parsed DER Values. + + + + Kerberos Error Type. + + + + + Class to represent a cached external ticket. + + + + + Service name. + + + + + Target name. + + + + + Client name. + + + + + Domain name. + + + + + Target domain name. + + + + + Alt target domain name. + + + + + Session key for ticket. + + + + + Ticket flags. + + + + + Additional reserved flags. + + + + + Key expiration time. + + + + + Ticket start time. + + + + + Ticket end time. + + + + + Ticket renew time. + + + + + Time skew. + + + + + Ticket. + + + + + Type of Kerberos Host Address. + + + + + Class representing a Kerberos Host Address. + + + + + Type of host address. + + + + + Address bytes. + + + + + ToString Method. + + The formatted string. + + + + A set of Kerberos Keys. + + + + + Get keys which match the encryption type. + + The encryption type. + The list of keys which match the encryption type. + + + + Add a key to the key set. + + The key to add. + True if the key was added, false if the key already existed. + + + + Remove a key from the key set. + + The key to remove. + True if the key was removed. + + + + Find a key based on various parameters. + + The encryption type. + The name type. + The principal. + The key version. + + + + + Read keys from a MIT KeyTab file. + + The file stream. + The key set. + Throw if invalid file. + + + + Read keys from a MIT KeyTab file. + + The file path. + The key set. + Throw if invalid file. + + + + Constructor. + + + + + Constructor. + + The single kerberos key. + + + + Constructor. + + A list of kerberos keys. + + + + Key usage for kernel encryption. + + + + + Kerberos Message Type. + + + + + Kerberos Name Type. + + + + + Kerberos Pre-Authentication Data Types. + + + + + A Kerberos Principal Name. + + + + + The name type. + + + + + The names for the principal. + + + + + Full name. + + + + + ToString method. + + String of the object. + + + + Get principal name with a realm. + + The realm for the principal. + The principal. + + + + Constructor. + + The type of the principal name. + The list of names for the principal. + + + + Class to represent a User to User TGT Reply. + + + + + The Kerberos Ticket. + + + + + Format the Authentication Token. + + The Formatted Token. + + + + Decrypt the Authentication Token using a keyset. + + The set of keys to decrypt the + The decrypted token, or the same token if nothing could be decrypted. + + + + Create a new TGT-REP authentication token. + + The TGT ticket to embed in the token. + The + + + + Create a new TGT-REP authentication token. + + The TGT ticket to embed in the token. + The + + + + Try and parse data into an ASN1 authentication token. + + The data to parse. + The Negotiate authentication token. + Parsed DER Values. + + + + Class to represent a User to User TGT Request. + + + + + Realm. + + + + + Server name. + + + + + Format the Authentication Token. + + The Formatted Token. + + + + Create a new TGT-REQ authentication token. + + Optional realm string. + Optional server name. + The new TGT-REQ authentication token. + + + + Create a new TGT-REQ authentication token without the GSS-API wrapper. + + Optional realm string. + Optional server name. + The new TGT-REQ authentication token. + + + + Try and parse data into an ASN1 authentication token. + + The data to parse. + The Negotiate authentication token. + Parsed DER Values. + + + + Class to represent a Kerberos ticket. + + + + + Version number for the ticket. + + + + + Realm. + + + + + Server name. + + + + + Encrypted data for the ticket. + + + + + Get the principal for the ticket. + + + + + Indicates that the ticket has been decrypted. + + + + + Decrypt the kerberos ticket. + + The Kerberos key set containing the keys. + The key usage for the decryption. + The decrypted kerberos ticket. + + + + Format the ticket to a string. + + The ticket as a string. + + + + Convert the ticket to an array. + + The ticket as an array. + + + + Class to query the Kerberos Ticket Cache from LSASS. + + + + + Get a Kerberos Ticket. + + The target service for the Ticket. + True to only query for cached tickets. + True to throw on error. + The Kerberos Ticket. + + + + Get a Kerberos Ticket. + + The target service for the Ticket. + True to only query for cached tickets. + The Kerberos Ticket. + + + + Get a Kerberos Ticket. + + The target service for the Ticket. + The Kerberos Ticket. + + + + Query Kerberos Ticket cache. + + The Logon Session ID to query. + True to throw on error. + The list of cached tickets. + + + + Query Kerberos Ticket cache. + + The Logon Session ID to query. + The list of cached tickets. + + + + Query Kerberos Ticket cache for the current logon session. + + The list of cached tickets. + + + + Flags for a Kerberos Ticket. + + + + + Class to represent a Decrypted Kerberos ticket. + + + + + Ticket flags. + + + + + Client Realm. + + + + + Client name. + + + + + Authentication time, + + + + + Start time. + + + + + End time. + + + + + Renew till time. + + + + + The kerberos session key. + + + + + The ticket transited type information. + + + + + List of host addresses for ticket. + + + + + List of authorization data. + + + + + The supported transited encoding types. + + + + + None. + + + + + X.500 Compress. + + + + + Class to represent a Kerberos Transiting Encoding. + + + + + Transited encoding type. + + + + + Transited encoding data. + + + + + Utilities for Kerberos authentication. + + + + + Read keys from a MIT KeyTab file. + + The file stream. + The list of keys. + Throw if invalid file. + + + + Read keys from a MIT KeyTab file. + + The file path. + The list of keys. + Throw if invalid file. + + + + Write keys to a MIT KeyTab file. + + The file stream. + List of key entries. + + + + Write keys to a MIT KeyTab file. + + The file path. + List of key entries. + + + + Generate an MIT KeyTab file. + + List of key entries. + The keytab file as bytes. + + + + Class to represent a Local Logon Session. + + + + + Logon/Authentication ID for session. + + + + + Username. + + + + + Logon domain. + + + + + Get the FQ User Name. + + + + + Authentication package. + + + + + Logon type. + + + + + Session ID. + + + + + User SID. + + + + + Logon Time. + + + + + Logon Server. + + + + + DNS Domain Name. + + + + + User Principal Name. + + + + + User Flags. + + + + + Last successful logon. + + + + + Last failed logon. + + + + + Count of failed logon attempts. + + + + + Logon script path. + + + + + Profile path. + + + + + Home directory. + + + + + Home directory drive. + + + + + Logoff time. + + + + + Kickoff Time. + + + + + Time password last set. + + + + + Password can change. + + + + + Password must change. + + + + + Get a logon session. + + The logon session ID. + True to thrown on error. + The logon session. + + + + Get the logon session LUIDs + + True throw on error. + The list of logon sessions. Only returns ones you can access. + + + + Get the logon sessions. + + True throw on error. + The list of logon sessions. Only returns ones you can access. + + + + Class to represent an LSA logon handle. + + + + + Connect to the LSA untrusted. + + True to throw on error. + The LSA logon handle. + + + + Connect to the LSA untrusted. + + The LSA logon handle. + + + + Connect to LSA and register as a logon process. + + The arbitrary name of the process. + True to throw on error. + The LSA logon handle. + + + + Connect to LSA and register as a logon process. + + The arbitrary name of the process. + The LSA logon handle. + + + + Logon a user. + + The type of logon. + The authentication package to use. + The name of the origin. + The token source context. + The authentication credentials buffer. + Additional local groups. + True to throw on error. + The LSA logon result. + + + + Logon a user. + + The type of logon. + The authentication package to use. + The name of the origin. + The token source context. + The authentication credentials buffer. + Additional local groups. + The LSA logon result. + + + + Dispose of the LSA logon handle. + + + + + Result from an LsaLogonUser call. + + + + + The user's token. + + + + + The user's profile information. Format depends on the authentication package. + + + + + The authentication ID of the logon session. + + + + + Paged pool quota. + + + + + Non paged pool quota. + + + + + Minimum working set size. + + + + + Maximum working set size. + + + + + Page file limit. + + + + + Process time limit. + + + + + Dispose the LSA logon result. + + + + + SPNEGO Authentication Token. + + + + + The negotiated authentication token. + + + + + Optional message integrity code. + + + + + Decrypt the Authentication Token using a keyset. + + The set of keys to decrypt the + The decrypted token, or the same token if nothing could be decrypted. + + + + Format the authentication token. + + The token as a formatted string. + + + + Parse bytes into a negotiate token. + + The negotiate token in bytes. + The Negotiate token. + + + + Try and parse data into an Negotiate authentication token. + + The data to parse. + The Negotiate authentication token. + True if this is a token from a client. + The token count number. + True if parsed successfully. + + + + Flags for negotiation context. + + + + + Class to represent the negTokenInit message in SPNEGO. + + + + + List of supported negotiation mechanisms. + + + + + Context flags. + + + + + State of the Negotiate state. + + + + + Negotiate completed. + + + + + Negotiate incomplete. + + + + + Negotiate rejected. + + + + + Request Message Integrity Code. + + + + + Class to represent the negTokenResp message in SPNEGO. + + + + + Supported mechanism for the token, optional. + + + + + Current state of the negotiation. + + + + + Class to represent an NTLM AUTHENTICATE token for NTLMv1. + + + + + Domain name. + + + + + Workstation name. + + + + + Username. + + + + + NTLM version. + + + + + Encrypted session key. + + + + + LM Challenge Response. + + + + + LM Challenge Response. + + + + + Message integrity code. + + + + + Message integrity code offset into the token data. + + + + + Format the authentication token. + + The formatted token. + + + + Class to represent an NTLM AUTHENTICATE token for NTLMv2. + + + + + NT Proof Response. + + + + + Challenge version. + + + + + Maximum challenge version. + + + + + Reserved field. + + + + + Reserved field. + + + + + Timestamp. + + + + + Client challenge. + + + + + Reserved field. + + + + + NTLM Target Information. + + + + + Flags for NTLM negotiation. + + + + + NTLM message type. + + + + + Base class to represent an NTLM authentication token. + + + + + Type of NTLM message. + + + + + NTLM negotitation flags. + + + + + Try and parse data into an NTLM authentication token. + + The data to parse. + The NTLM authentication token. + True if this is a token from a client. + The token count number. + True if parsed successfully. + + + + Try and parse data into an NTLM authentication token. + + The data to parse. + The NTLM authentication token. + + + + The type of the AV_PAIR. + + + + + MS AV Flags. + + + + + An NTLM AV_PAIR. + + + + + The type of the AV Pair value. + + + + + An NTLM AV_PAIR with a string value. + + + + + The string value. + + + + + ToString method. + + Pair as a string. + + + + An NTLM AV_PAIR with a timestamp value; + + + + + The timestamp value. + + + + + ToString method. + + Pair as a string. + + + + An NTLM AV_PAIR with a bytes value. + + + + + The value. + + + + + ToString method. + + Pair as a string. + + + + An NTLM AV_PAIR with a flags value. + + + + + The value. + + + + + ToString method. + + Pair as a string. + + + + An NTLM AV_PAIR with a flags value. + + + + + The the Z4 data. + + + + + Custom data blob. + + + + + Machine ID. + + + + + ToString method. + + Pair as a string. + + + + Class to represent an NTLM CHALLENGE token. + + + + + Target name. + + + + + Server challenge. + + + + + Reserved. + + + + + NTLM version. + + + + + NTLM Target Information. + + + + + Format the authentication token. + + The formatted token. + + + + Class to represent an NTLM NEGOTIATE token. + + + + + Domain name. + + + + + Workstation name. + + + + + NTLM version. + + + + + Format the authentication token. + + The formatted token. + + + + Algorithm identifiers for the crypto APIs and Schannel. + + + + + Authentication token for Schannel and CredSSP. + + This is a simple parser for the TLS record format. + + + + List of TLS records. + + + + + Format the authentication token. + + The token as a formatted string. + + + + Try and parse data into an SChannel authentication token. + + The data to parse. + The SChannel authentication token. + True if this is a token from a client. + The token count number. + True if parsed successfully. + + + + Negotiated connection information for Schannel. + + + + + The protocol used by Schannel. + + + + + The negotitated cipher algorithm. + + + + + The negotiated cipher strength in bits. + + + + + The negotiated hash algorithm. + + + + + The negotiated hash string. + + + + + The negotiated key exchange algorithm. + + + + + The negotiated key exchange strength. + + + + + Credentials for the Schannel package. + + + + + Lifespan of a session in milliseconds. + + + + + Specify flags for credentials. + + + + + Specify the supported protocols. + + + + + Set the minimum cipher strength. + + + + + Set the maximum cipher strength. + + + + + Add a certificate the the credentials. This should contain a private key. + + The certificate to add. + + + + Add an algorithm type to the credentials. + + The algorithm type. + + + + Dispose the credentials. + + + + + Flags for the Schannel credentials. + + + + + Protocol type for Schannel. + + + + + Flags for message encryption. + + + + + None. + + + + + Wrap out of bound data. + + + + + Wrap but don't encrypt. + + + + + Class to represent a server authentication context. + + + + + The current authentication token. + + + + + Whether the authentication is done. + + + + + Current request attributes. + + + + + Current data representation. + + + + + Current channel bindings. + + + + + Current return attributes. + + + + + Current status flags. + + + + + Expiry of the authentication. + + + + + Get the client name supplied by the Client. + + + + + Get the Session Key for this context. + + + + + Get the maximum signature size of this context. + + + + + Get the size of the security trailer for this context. + + + + + Size of any header when using a stream protocol such as Schannel. + + + + + Size of any trailer when using a stream protocol such as Schannel. + + + + + Number of buffers needed when using a stream protocol such as Schannel. + + + + + Maximum message size when using a stream protocol such as Schannel. + + + + + Preferred block size when using a stream protocol such as Schannel. + + + + + Get the name of the authentication package. + + + + + Get connection information for the schannel connection. + + + + + Get the local certificate. Only used for Schannel related authentication. + + + + + Get the remote certificate. Only used for Schannel related authentication. + + + + + Get whether the authentication context is for loopback. + + + + + Get or set whether the context owns the credentials object or not. If true + then the credentials are disposed with the context. + + + + + Get an access token for the authenticated user. + + The user's access token. + + + + Impersonate the security context. + + The disposable context to revert the impersonation. + + + + Continue the authentication with the client token. + + The client token to continue authentication. + + + + Continue the authentication.. + + The client token to continue authentication. + Specify additional input buffers, does not need to include the token. + + + + Continue the authentication. + + The client token to continue authentication. + Specify additional input buffers, does not need to include the token. + Specify additional output buffers, does not need to include the token. + + + + Continue the authentication. + + Additional input buffers for the continue. Does not contain a token. + Specify additional output buffers, does not need to include the token. + True to throw on error. + This sends the input buffers directly to the initialize call, it does not contain any token. + + + + Continue the authentication. + + Additional input buffers for the continue. Does not contain a token. + Specify additional output buffers, does not need to include the token. + This sends the input buffers directly to the initialize call, it does not contain any token. + + + + Continue the authentication. Will not pass any buffers to the accept call. + + + + + Make a signature for this context. + + The message buffers to sign. + The sequence number. + The signature blob. + + + + Make a signature for this context. + + The message to sign. + The sequence number. + The signature blob. + + + + Verify a signature for this context. + + The message to verify. + The signature blob for the message. + The sequence number. + True if the signature is valid, otherwise false. + + + + Verify a signature for this context. + + The messages to verify. + The signature blob for the message. + The sequence number. + True if the signature is valid, otherwise false. + + + + Encrypt a message for this context. + + The message to encrypt. + Quality of protection flags. + The encrypted message. + The sequence number. + + + + Encrypt a message for this context. + + The messages to encrypt. + Quality of protection flags. + The signature for the messages. + The messages are encrypted in place. You can add buffers with the ReadOnly flag to prevent them being encrypted. + The sequence number. + + + + Encrypt a message for this context with no specific signature. + + The messages to encrypt. + Quality of protection flags. + The sequence number. + The messages are encrypted in place. You can add buffers with the ReadOnly flag to prevent them being encrypted. + If you need to return a signature then it must be specified in a buffer. + + + + Decrypt a message for this context. + + The messages to decrypt. + The sequence number. + The signature for the messages. + The messages are decrypted in place. You can add buffers with the ReadOnly flag to prevent them being decrypted. + + + + Decrypt a message for this context. + + The messages to decrypt. + The sequence number. + The messages are decrypted in place. You can add buffers with the ReadOnly flag to prevent them being decrypted. + If you need to specify a signature you need to add a buffer. + + + + Decrypt a message for this context. + + The message to decrypt. + The sequence number. + The decrypted message. + + + + Query the context's package info. + + The authentication package info, + + + + Export and delete the current security context. + + The exported security context. + The security context will not longer be usable afterwards. + + + + Constructor. + + Credential handle. + Request attribute flags. + Optional channel binding token. + Data representation. + + + + Constructor. + + Credential handle. + Request attribute flags. + Data representation. + + + + Constructor. + + Credential handle. + + + + Dispose the client context. + + + + + Finalizer. + + + + + Class to represent a service principal name. + + + + + SPN service class. + + + + + SPN service name. + + + + + SPN instance name. + + + + + SPN instance port. + + + + + SPN referrer. + + + + + Constructor. + + The service class name. + The name of the instance. + + + + Parse an SPN string to a class. + + The SPN string. + The parsed class. + Thrown in invalid SPN. + + + + Try and parse an SPN string to a class. + + The SPN string. + The result class. + True if the SPN was parsed successfully. + Thrown in invalid SPN. + + + + Convert SPN to a string. + + The SPN string. + + + + Class to hold user credentials. + + + + + The user name. + + + + + The domain. + + + + + The password as a secure string. + + + + + Constructor. + + Username. + Domain name. + Password. + + + + Set the password as in plain text. + + The password in plain text. + + + + Constructor. + + Username. + Domain name. + Password. + + + + Constructor. + + Username. + Domain name. + + + + Constructor. + + Username. + + + + Constructor. + + + + + Dispose method. + + + + + Class to represent a single authenticode certificate entry. + + + + + The list of certificates in the entry. + + + + + Whethe the entry contains page hashes. + + + + + Utilities for authenticode. + + + + + Get certificates from a PE file. + + The PE file. + True the throw on error. + The list of authenticode certificate entries. + + + + Get certificates from a PE file. + + The path to the PE file. + True the throw on error. + The list of authenticode certificate entries. + + + + Get certificates from a PE file. + + The path to the PE file, native path format. + The list of authenticode certificate entries. + + + + Gets wether the PE file has page hash entries. + + The path to the PE file, native path format. + True if the file contains page hashes. + + + + Query ELAM information from a driver's resource section. + + The path to the file. + True to throw on error. + The ELAM information if present. + + + + Query ELAM information from a driver's resource section. + + The path to the file. + The ELAM information if present. + + + + Get the VSM enclave configuration. + + The path to the file. + True to throw on error. + The VSM enclave configuration. + + + + Get the VSM enclave configuration. + + The path to the file. + The VSM enclave configuration. + + + + ELAM information. + + + + + The hash of the certificate. + + + + + The hash algorithm. + + + + + List of optional EKUs. + + + + + Overridden ToString method. + + The ELAM information as a string. + + + + Class to represent a VSM enclave configuration. + + + + + Minimum required configuration size. + + + + + Policy flags. + + + + + List of enclave imports. + + + + + Family ID. + + + + + Image ID. + + + + + Image version. + + + + + Security version. + + + + + Size of the enclave. + + + + + Number of threads for the enclave. + + + + + Enclave flags. + + + + + Is the enclave debuggable. + + + + + Is this a primary image. + + + + + Path to the image file. + + + + + Name of the image file. + + + + + ToString method. + + The object as a string. + + + + Class to represent an enclave import. + + + + + Match type for the import. + + + + + Minimum security version. + + + + + Unique or author ID. + + + + + Family ID. + + + + + Image ID. + + + + + Import name. + + + + + ToString method. + + The name of the import. + + + + Image policy entry. + + + + + Type of entry. + + + + + Policy ID. + + + + + Value of entry. + + + + + Image policy ID. + + + + + Class to represnt image policy metadata. + + + + + Version of the metadata. + + + + + The ID of the trustlet. + + + + + The optional policies for the trustlet. + + + + + Overridden ToString method. + + The object as a string. + + + + Extract image policy metadata from an image file. + + The path to the image file. Should be a win32 path. + True to throw on error. + The image policy metadata. + + + + Extract image policy metadata from an image file. + + The path to the image file. Should be a win32 path. + The image policy metadata. + + + + Access check result from AuthZ. + + + + + The Win32 error code from the access check. + + + + + Class to represent an AuthZ client context. + + + + + Get AuthZ user + + + + + Get AuthZ context groups. + + + + + Get AuthZ context restricted SIDs. + + + + + Get AuthZ context device groups. + + + + + Get AuthZ context capability SIDs. + + + + + Get AuthZ context's security attributes + + + + + Get AuthZ context's device claims. + + + + + Get AuthZ context's user claims. + + + + + Get list of privileges for the AuthZ context. + + The list of privileges + Thrown if can't query privileges + + + + Get AppContainer SID. + + + + + Indicates if this context is connected to a remote access server. + + + + + Set AppContainer Information to Context. + + The package SID. + List of capabilities. + True to throw on error + The NT status code. + + + + Set AppContainer Information to Context. + + The package SID. + List of capabilities. + + + + Modify groups in the context. + + The type of group to modify. + The list of groups to modify. + The list of operations. Should be same size of group list. + True to throw on error. + The NT status code. + + + + Modify groups in the context. + + The type of group to modify. + The list of groups to modify. + The list of operations. Should be same size of group list. + + + + Modify groups in the context. + + The type of group to modify. + The list of SIDs to modify. + The attributes for the SIDs. + The operation for the SIDs. + + + + Modify groups in the context. + + The type of group to modify. + The list of SIDs to modify. + The operation for the SIDs. + + + + Add a SID to the context. + + The SID to add. + + + + Add a Device SID to the context. + + The SID to add. + + + + Add a Device SID to the context. + + The SID to add. + + + + Add a list of SIDs to the context. + + The list of SIDS. + + + + Get list of groups for the AuthZ context. + + The group type. + True to throw on error. + The list of groups. + + + + Get list of groups for the AuthZ context. + + The group type. + The list of groups. + + + + Get the user from the AuthZ context. + + True to throw on error. + The user group information. + + + + Get the AppContainer SID from the AuthZ context. + + True to throw on error. + The AppContainer SID. + + + + Get AuthZ context's security attributes + + Specify the type of security attributes to query. + Throw on error. + The security attributes. + + + + Get token privileges. + + True to throw on error. + The list of privileges. + + + + Perform an Access Check. + + The security descriptor for the check. + Optional list of security descriptors to merge. + The desired access. + Optional Principal SID. + Optional list of object types. + NT Type for access checking. + True to throw on error. + The list of access check results. + The list of object types is restricted to 256 entries for remote access checks. + + + + Perform an Access Check. + + The security descriptor for the check. + Optional list of security descriptors to merge. + The desired access. + Optional Principal SID. + Optional list of object types. + NT Type for access checking. + The list of access check results. + The list of object types is restricted to 256 entries for remote access checks. + + + + Dispose client context. + + + + + Clone the current context. + + True to throw on error. + The new client context. + + + + Clone the current context. + + The new client context. + + + + Flags to initialize a client context from a SID. + + + + + None. + + + + + Skip gathering token groups. + + + + + Require S4U logon. + + + + + Computer token privileges. + + + + + Specify the type of SIDs. + + + + + Normal Group SIDs. + + + + + Restricted SIDs. + + + + + Device Group SIDs. + + + + + Capability SIDs. + + + + + Delegate to handle a callback ACE. + + The ACE to handle. + True if the ACE should be processed. + + + + Class to represent a AuthZ Resource Manager. + + + + + The name of the resource manager if any. + + + + + Indicates if this resource manager is connected to a remote access server. + + + + + Dispose the resource manager. + + + + + Create a client context from a Token. + + The token to create the context from. + True to throw on error. + The created client context. + + + + Create a client context from a Token. + + The token to create the context from. + The created client context. + + + + Create a client context from a Token. + + The sid to create the context from. + Flags for intialization. + True to throw on error. + The created client context. + + + + Create a client context from a Token. + + The sid to create the context from. + Flags for intialization. + The created client context. + + + + Create a new AuthZ resource manager. + + The name of the resource manager, optional. + Optional flags for the resource manager. + Optional callback to handle callback ACEs. + True to throw on error. + The created AuthZ resource manager. + + + + Create a new AuthZ resource manager. + + The name of the resource manager, optional. + Optional flags for the resource manager. + Optional callback to handle callback ACEs. + The created AuthZ resource manager. + + + + Create a new AuthZ resource manager. Will not enable auditing. + + The created AuthZ resource manager. + + + + Create a remote AuthZ resource manager from a raw binding string. + + The RPC string binding for the server. + The SPN for the server. + True to throw on error. + The created AuthZ resource manager. + + + + Create a remote AuthZ resource manager from a raw binding string. + + The RPC string binding for the server. + The SPN for the server. + The created AuthZ resource manager. + + + + Create a remote AuthZ resource manager from a raw binding string. + + The address of the server. + The SPN for the server. + Specify the type of + True to throw on error. + The created AuthZ resource manager. + + + + Create a remote AuthZ resource manager from a raw binding string. + + The network address of the server. + The SPN for the server. + Specify the type of + The created AuthZ resource manager. + + + + Initialization flags for resource manager. + + + + + None + + + + + Disable auditing. + + + + + Initialize using impersonation token. + + + + + Disable central access policies. + + + + + Type of remote service to access. + + + + + Default, no evaluation of CAPs. + + + + + Evaluates CAPs. + + + + + Security Attribute type. + + + + + Token Security Attributes. + + + + + Device Claims. + + + + + User Claims. + + + + + SID operation for an AuthZ client context. + + + + + None. + + + + + Replace all SIDs. + + + + + Add SIDs. + + + + + Delete SIDs. + + + + + Replace SIDs. + + + + + Progress invoke setting for tree security. + + + + + The source of inheritance for a resource. + + + + + The depth between the resource and the parent. + + + + + The name of the ancestor. + + + + + The security descriptor if accessible. + + + + + The original ACE which was inherited. + + + + + The SID of the original ACE. + + + + + Access mask as a formatted string. + + + + + Generic access mask as a formatted string. + + + + + The type of the ACE. + + + + + The object type of the ACE. + + + + + The inherited object type. + + + + + Enumeration for object type. + + + + + Tree security mode. + + + + + Progress function for tree named security info. + + The name of the object. + The operation status. + The current invoke setting. + True if security is set. + The invoke setting. Return original invoke_setting if no change. + + + + Base security buffer storage. + + + + + Type of the security buffer. + + + + + Is the buffer read-only. + + + + + Is the buffer read-only with checksum. + + + + + Convert to buffer back to an array. + + The buffer as an array. + + + + Overridden ToString method. + + The buffer as a string. + + + + Class to represent a security buffer we expect to be allocated by the SSPI. + + + + + Constructor. + + The type of the buffer. + + + + Convert to buffer back to an array. + + The buffer as an array. + + + + Security buffer for a channel binding. + + + + + Constructor. + + The channel bindings token. + + + + Convert to buffer back to an array. + + The buffer as an array. + + + + A security buffer which can be an input and output. + + If you create with the ReadOnly or ReadOnlyWithCheck types then the + array will not be updated. + + + + Constructor. + + The type of buffer. + The data for the input. + + + + Constructor. + + The type of buffer. + The data for the input. + The offset into the array. + Number of bytes in the input. + + + + Convert to buffer back to an array. + + The buffer as an array. + + + + A security buffer which can only be an output. + + + + + Constructor. + + The type of buffer. + The size of the output buffer. + + + + Convert to buffer back to an array. + + The buffer as an array. + + + + A security buffer which takes a raw pointer. The lifetime of the pointer + should be managed manually by the caller. + + + + + Constructor. + + The type of buffer. + The raw pointer. + The size of the raw pointer. + + + + The size of the buffer. + + + + + The pointer for the buffer. The lifetime needs to be manually managed. + + + + + This will free pointer using the SSPI APIs. Used to release automatically allocated + buffers. If you control the value of the Pointer you don't need to release it. + + + + + Convert to buffer back to an array. + + The buffer as an array. + + + + Security buffer type. + + + + + Class to represent a credential manager credential. + + + + + Credential flags. + + + + + Credential type. + + + + + Target name for the credentials. + + + + + Comment for the credentials. + + + + + Time the credentials was last written. + + + + + Credential blob. + + + + + Credential as a string, if available. + + + + + Credential persistence. + + + + + Credential attributes. + + + + + Target alias. + + + + + Username. + + + + + Class to represent a credential attribute. + + + + + Attribute keyword. + + + + + Attribute flags. + + + + + Attribute value. + + + + + Overridden ToString method. + + + + + + Flags for a credential attribute. + + + + + No flags. + + + + + Flags for enumeration credentials. + + + + + None. + + + + + Get all credentials. + + + + + Flags for a credential. + + + + + Class to access credential manager APIs. + + + + + Get credentials for user from credential manager. + + A filter for the target name, for example DOMAIN*. If null or empty returns all credentials. + Flags for the enumeration. + True to throw on error. + The list of credentials. + + + + Get credentials for user from credential manager. + + A filter for the target name, for example DOMAIN*. If null or empty returns all credentials. + Flags for the enumeration. + The list of credentials. + + + + Get credentials for user from credential manager. + + A filter for the target name, for example DOMAIN*. If null or empty returns all credentials. + The list of credentials. + + + + Get all credentials for user from credential manager. + + The list of credentials. + + + + Get a credential by name. + + The name of the credential. + The type of credential. + True to throw on error. + The read credential. + + + + Get a credential by name. + + The name of the credential. + The type of credential. + The read credential. + + + + Backup a user's credentials. + + The user's token. + The key for the data, typically a unicode password. Optional + True if the key is already encoded. + Caller needs SeTrustedCredmanAccessPrivilege enabled. + + + + Specify credential persistence. + + + + + Identifies the type of credentials. + + + + + Information class for a SAM domain object. + + + + + Logon32 provider + + + + + Default. + + + + + Windows NT 3.5. + + + + + Windows NT 4.0. + + + + + Windows NT 5.0. + + + + + Virtual provider. + + + + + Logon UserFlags. + + + + + Indicates the last client token status for the client context. + + + + + Yes it's the last token. + + + + + No it's not the last token. + + + + + It might be, who knows? + + + + + Status code for SSPI interface calls. + + + + + Class to represent an Account Right assigned to a user. + + + + + The name of the account right. + + + + + The display name, if known. + + + + + Get list of SIDS assigned to this access right. + + + + + ToString method. + + The name of the account right. + + + + List of account rights. Not the same as privileges. + + + + + Class to represent an LSA account object. + + + + + Get the account SID. + + + + + Get or set system access flags. + + + + + Get account privileges. + + + + + Get system access flags. + + True to throw on error. + The system access flags. + + + + Set system access flags. + + The flags to set. + True to throw on error. + The system access flags. + + + + Enumerate privileges for the account. + + True to throw on error. + The list of token privileges. + + + + Access rights for an LSA account. + + + + + Flags for looking up SIDs by name. + + + + + Flags for looking up SID names. + + + + + Base class for an LSA object. + + + + + Get the NT type for the object. + + + + + Get the object name for the object. + + + + + Get whether the object is a container. + + + + + Get the object's security descriptor. + + + + + Is an access mask granted to the object. + + The access to check. + True if all access is granted. + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + True to throw on error. + The security descriptor + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + The security descriptor + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + True to throw on error. + The NT status code. + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + + + + Delete the object. + + True to throw on error. + The NT status code. + + + + Delete the object. + + + + + Get the system name for the policy. + + + + + Dispose the policy. + + + + + Class to represent the LSA policy. + + + + + Lookup names for SIDs. + + The list of SIDs to lookup. + True to throw on error. + The list of looked up SID names. + + + + Lookup names for SIDs. + + The list of SIDs to lookup. + The list of looked up SID names. + + + + Lookup name for a SID. + + The SID to lookup. + + + + + Lookup names for SIDs. + + The list of SIDs to lookup. + Lookup options flags. + True to throw on error. + The list of looked up SID names. + + + + Lookup names for SIDs. + + The list of SIDs to lookup. + Lookup options flags. + The list of looked up SID names. + + + + Lookup names from the LSA policy. + + The names to lookup. + Flags for the lookup. + True to throw on error. + The list of SID names. + + + + Lookup names from the LSA policy. + + The names to lookup. + Flags for the lookup. + The list of SID names. + + + + Lookup names from the LSA policy. + + The names to lookup. + The list of SID names. + + + + Lookup names from the LSA policy. + + The name to lookup. + The looked up SID name. + + + + Enumerate accounts with a user right. + + The name of the user right. + True to throw on error. + The list of SIDs with the user right. + + + + Enumerate accounts with a user right. + + The name of the user right. + The list of SIDs with the user right. + + + + Enumerate account rights for a SID. + + The SID to enumerate for. + True to throw on error. + The list of assigned account rights. + + + + Enumerate account rights for a SID. + + The SID to enumerate for. + The list of assigned account rights. + + + + Add account rights to an account. + + The SID of the account. + The list of account rights to add. + True to throw on error. + The NT status code. + + + + Add account rights to an account. + + The SID of the account. + The list of account rights to add. + + + + Remove account rights from an account. + + The SID of the account. + True to remove all rights. + The account rights to add. + True to throw on error. + The NT status code. + + + + Remove account rights from an account. + + The SID of the account. + True to remove all rights. + The account rights to add. + + + + Retrieve LSA privilege data. + + The name of the key. + True to throw on error. + The private data as bytes. + + + + Retrieve LSA privilege data. + + The name of the key. + The private data as bytes. + + + + Store LSA private data. + + The name of the key. + The data to store. If you pass null then the value will be deleted. + True to throw on error. + The NT status code. + + + + Store LSA private data. + + The name of the key. + The data to store. If you pass null then the value will be deleted. + + + + Open an LSA secret object. + + The name of the secret. + The desired access for the secret. + True to throw on error. + The opened secret. + + + + Open an LSA secret object. + + The name of the secret. + The desired access for the secret. + The opened secret. + + + + Open an LSA secret object with maximum access. + + The name of the secret. + The opened secret. + + + + Create an LSA secret object. + + The name of the secret. + The desired access for the secret. + True to throw on error. + The created secret. + + + + Create an LSA secret object. + + The name of the secret. + The desired access for the secret. + The created secret. + + + + Create an LSA secret object with maximum access. + + The name of the secret. + The created secret. + + + + Delete an LSA secret object. + + The name of the secret. + True to throw on error. + The NT status code. + + + + Delete an LSA secret object. + + The name of the secret. + + + + Open an LSA account object. + + The SID of the account. + The desired access for the account. + True to throw on error. + The opened account. + + + + Open an LSA account object. + + The SID of the account. + The desired access for the account. + The opened account. + + + + Open an LSA account object with maximum access. + + The SID of the account. + The opened account. + + + + Create an LSA account object. + + The SID of the account. + The desired access for the account. + True to throw on error. + The created account. + + + + Create an LSA account object. + + The SID of the account. + The desired access for the account. + The created account. + + + + Create an LSA account object with maximum access. + + The SID of the account. + The created account. + + + + Delete an LSA account object. + + The SID of the account. + True to throw on error. + The NT status code. + + + + Delete an LSA account object. + + The SID of the account. + + + + Enumerate account SIDs in policy. + + True to throw on error. + The list of account SIDs. + + + + Enumerate account SIDs in policy. + + The list of account SIDs. + + + + Enumerate and open accessible account objects in policy. + + The desired access for the opened accounts. + True to throw on error. + The list of accessible accounts. + + + + Enumerate and open accessible account objects in policy. + + The desired access for the opened accounts. + + + + Enumerate and open accessible account objects in policy with maximum access. + + + + + Enumerate trusted domain information. + + True to throw on error. + The list of trusted domain information. + + + + Enumerate trusted domain information. + + The list of trusted domain information. + + + + Open trusted domain object. + + The SID of the trusted domain. + The desired access for the object. + True to throw on error. + The trusted domain object. + + + + Open trusted domain object. + + The SID of the trusted domain. + The desired access for the object. + The trusted domain object. + + + + Open trusted domain object. + + The name of the trusted domain. + The desired access for the object. + True to throw on error. + The trusted domain object. + + + + Open trusted domain object. + + The name of the trusted domain. + The desired access for the object. + The trusted domain object. + + + + Enumerate and open accessible trusted domain objects in policy. + + The desired access for the opened trusted domains. + True to throw on error. + The list of accessible trusted domains. + + + + Enumerate and open accessible trusted domain objects in policy. + + The desired access for the opened trusted domains. + The list of accessible trusted domains. + + + + Enumerate and open accessible trusted domain objects in policy. + + The list of accessible trusted domains. + + + + Open an LSA policy. + + The system name for the LSA. + The desired access on the policy. + True to throw on error. + The opened policy. + + + + Open an LSA policy. + + The desired access on the policy. + True to throw on error. + The opened policy. + + + + Open an LSA policy. + + The system name for the LSA. + The desired access on the policy. + The opened policy. + + + + Open an LSA policy. + + The desired access on the policy. + The opened policy. + + + + Open an LSA policy with maximum allowed access. + + The opened policy. + + + + Access rights for the LSA policy. + + + + + Utilities for an LSA policy. + + + + + The name of the fake NT type for a LSA policy. + + + + + The name of the fake NT type for a LSA secret. + + + + + The name of the fake NT type for a LSA account. + + + + + The name of the fake NT type for a LSA trusted domain. + + + + + Generic generic mapping for LSA policy security. + + The generic mapping for the LSA policy. + + + + Generic generic mapping for LSA secret security. + + The generic mapping for the LSA secret. + + + + Generic generic mapping for LSA account security. + + The generic mapping for the LSA account. + + + + Generic generic mapping for LSA trusted domain security. + + The generic mapping for the LSA trusted domain. + + + + Class to represent an LSA secret. + + + + + Query the value of the secret. + + True to throw on error. + The value of the secret. + + + + Query the value of the secret. + + The value of the secret. + + + + Query the current value of the secret. + + True to throw on error. + The current value of the secret. + + + + Query the current value of the secret. + + The current value of the secret. + + + + Query the old value of the secret. + + True to throw on error. + The old value of the secret. + + + + Query the old value of the secret. + + The old value of the secret. + + + + Set the value of the secret. + + The current value to set. + The old value to set. + True to throw on error. + The NT status code. + + + + Set the value of the secret. + + The current value to set. + The old value to set. + + + + Access rights for an LSA secret. + + + + + Class to represent an LSA secret value. + + + + + The current value of the secret. + + + + + The set time for the current value. + + + + + The old value of the secret. + + + + + The set time for the old value. + + + + + Flags for an account's system access. + + + + + Trust attribute flags for a trusted domain. + + + + + Direction of trust for a trusted domain. + + + + + Class to represent an LSA trusted domain. + + + + + Flat name (NETBIOS) of domain. + + + + + Domain SID. + + + + + Name of the domain. + + + + + Domain trust direction. + + + + + Domain trust type. + + + + + Domain trust attributes. + + + + + Access rights for an LSA trusted domain. + + + + + Information for a trusted domain. + + + + + DNS name of domain. + + + + + Flat name (NETBIOS) of domain. + + + + + Domain SID. + + + + + Domain trust direction. + + + + + Domain trust type. + + + + + Domain trust attributes. + + + + + Trust type for a trusted domain. + + + + + Class to represent a SAM alias. + + + + + Get members of the alias. + + True to throw on error. + The list of alias members. + + + + Get members of the alias. + + The list of alias members. + + + + The alias name. + + + + + The SID of the alias. + + + + + Access rights for a SAM alias object. + + + + + Class to represent a SAM domain object. + + + + + The domain name. + + + + + The domain SID. + + + + + Get domain password information + + + + + Lookup names in a domain. + + The list of names to lookup. + True to throw on error. + The list of looked up SID names. + + + + Lookup names in a domain. + + The list of names to lookup. + The list of looked up SID names. + + + + Lookup a name in a domain. + + The name to lookup. + True to throw on error. + The SID name. + + + + Lookup a name in a domain. + + The name to lookup. + The SID name. + + + + Lookup relative IDs in a domain. + + The list of relative IDs to lookup. + True to throw on error. + The list of looked up SID names. + + + + Lookup relative IDs in a domain. + + The list of relative IDs to lookup. + The list of looked up SID names. + + + + Lookup a rid in a domain. + + The relative ID to lookup. + True to throw on error. + The SID name. + + + + Lookup a rid in a domain. + + The relative ID to lookup. + The SID name. + + + + Enumerate users in a domain. + + User account control flags. + True to throw on error. + The list of users. + + + + Enumerate users in a domain. + + User account control flags. + The list of users. + + + + Enumerate users in a domain. + + The list of users. + + + + Enumerate groups in a domain. + + True to throw on error. + The list of groups. + + + + Enumerate groups in a domain. + + The list of groups. + + + + Enumerate aliases in a domain. + + True to throw on error. + The list of aliases. + + + + Enumerate aliases in a domain. + + The list of aliases. + + + + Get alias membership for a set of SIDs. + + The SIDs to check. + True to throw on error. + The alias enumeration. + + + + Get alias membership for a set of SIDs. + + The SIDs to check. + The alias enumeration. + + + + Get alias membership for a SID. + + The SID to check. + The alias enumeration. + + + + Open a user by relative ID. + + The user ID for the user. + The desired access for the user object. + True to throw on error. + The SAM user object. + + + + Open a user by relative ID. + + The user ID for the user. + The desired access for the user object. + The SAM user object. + + + + Open a user by SID. + + The sid for the user. + The desired access for the user object. + True to throw on error. + The SAM user object. + + + + Open a user by SID. + + The sid for the user. + The desired access for the user object. + The SAM user object. + + + + Open a user by name. + + The user name for the user. + The desired access for the user object. + True to throw on error. + The SAM user object. + + + + Open a user by name. + + The user name for the user. + The desired access for the user object. + The SAM user object. + + + + Open a group by relative ID. + + The ID for the group. + The desired access for the group object. + True to throw on error. + The SAM group object. + + + + Open a group by relative ID. + + The ID for the group. + The desired access for the group object. + The SAM group object. + + + + Open a group by SID. + + The sid for the group. + The desired access for the group object. + True to throw on error. + The SAM group object. + + + + Open a group by SID. + + The sid for the group. + The desired access for the group object. + The SAM group object. + + + + Open a group by name. + + The name for the group. + The desired access for the group object. + True to throw on error. + The SAM group object. + + + + Open a group by name. + + The name for the group. + The desired access for the group object. + The SAM group object. + + + + Create a new group object. + + The name of the group. + The desired access for the group object. + True to throw on error. + The SAM group object. + + + + Create a new group object. + + The name of the group. + The desired access for the group object. + The SAM group object. + + + + Create a new group object. + + The name of the group. + The SAM group object. + + + + Create a new user in the SAM. + + The name of the user. + The type of account. + Desired access for new user. + True to throw on error. + The SAM user object. + + + + Create a new user in the SAM. + + The name of the user. + The type of account. + Desired access for new user. + The SAM user object. + + + + Open an alias by relative ID. + + The ID for the alias. + The desired access for the alias object. + True to throw on error. + The SAM alias object. + + + + Open an alias by relative ID. + + The ID for the alias. + The desired access for the alias object. + The SAM alias object. + + + + Open an alias by SID. + + The sid for the alias. + The desired access for the alias object. + True to throw on error. + The SAM alias object. + + + + Open an alias by SID. + + The sid for the alias. + The desired access for the alias object. + The SAM alias object. + + + + Open an alias by name. + + The name for the alias. + The desired access for the alias object. + True to throw on error. + The SAM alias object. + + + + Open an alias by name. + + The name for the alias. + The desired access for the alias object. + The SAM alias object. + + + + Enumerate and open accessible user objects. + + User account control flags. + The desired access for the opened users. + True to throw on error. + The list of accessible users. + + + + Enumerate and open accessible user objects. + + User account control flags. + The desired access for the opened users. + The list of accessible users. + + + + Enumerate and open accessible user objects with maximum access. + + The list of accessible users. + + + + Enumerate and open accessible group objects. + + The desired access for the opened groups. + True to throw on error. + The list of accessible groups. + + + + Enumerate and open accessible group objects. + + The desired access for the opened groups. + The list of accessible groups. + + + + Enumerate and open accessible group objects with maximum access. + + The list of accessible groups. + + + + Enumerate and open accessible alias objects. + + The desired access for the opened aliases. + True to throw on error. + The list of accessible aliases. + + + + Enumerate and open accessible alias objects. + + The desired access for the opened aliases. + The list of accessible aliases. + + + + Enumerate and open accessible alias objects with maximum access. + + The list of accessible aliases. + + + + Convert a RID to a SID for the current object. + + The relative ID. + True to throw on error. + The converted SID. + + + + Convert a RID to a SID for the current object. + + The relative ID. + The converted SID. + + + + Get password information. + + True to throw on error. + + + + + Access rights for a SAM domain object. + + + + + The domain password policy. + + + + + Minimum password length. + + + + + Password history length. + + + + + Password properties flags. + + + + + Maximum password age. + + + + + Minimum password age. + + + + + Flags for password properties. + + + + + Class to represent a SAM group. + + + + + Get members of the group. + + True to throw on error. + The list of group members. + + + + Get members of the group. + + The list of group members. + + + + Query group attribute flags. + + True to throw on error. + The group attribute flags. + + + + Set the group attribute flags. + + The attributes to set. + True to throw on error. + The NT status code. + + + + Delete the group object. + + True to throw on error. + The NT status code. + + + + Delete the group object. + + + + + The group name. + + + + + The SID of the group. + + + + + Get or set the group attribute flags. + + + + + Access rights for the SAM group. + + + + + Membership entry for a group. + + + + + The group relative ID. + + + + + The attributes for the group. + + + + + Base class for a SAM object. + + + + + The name of the server that we've connected to. + + + + + Get the NT type for the object. + + + + + Get the object name for the object. + + + + + Get whether the object is a container. + + + + + Get the object's security descriptor. + + + + + Is an access mask granted to the object. + + The access to check. + True if all access is granted. + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + True to throw on error. + The security descriptor + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + The security descriptor + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + True to throw on error. + The NT status code. + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + + + + Dispose the policy. + + + + + Represents information for a SAM relative value. + + + + + The name of the domain. + + + + + The RID of the domain. + + + + + Class to represent a connection to a SAM server. + + + + + Enumerate domains in the SAM. + + True to throw on error. + The list of domains. + + + + Enumerate domains in the SAM. + + The list of domains. + + + + Lookup the domain SID for a domain name. + + The name of the domain. + True to throw on error. + The domain SID. + + + + Lookup the domain SID for a domain name. + + The name of the domain. + The domain SID. + + + + Open a SAM domain object. + + The domain SID. + The desired access for the object. + True to throw on error. + The SAM domain object. + + + + Open a SAM domain object. + + The domain SID. + The desired access for the object. + The SAM domain object. + + + + Open a SAM domain object. + + The name of the domain. + The desired access for the object. + True to throw on error. + The SAM domain object. + + + + Open a SAM domain object. + + The name of the domain. + The desired access for the object. + The SAM domain object. + + + + Enumerate and open accessible domain objects. + + The desired access for the opened domains. + True to throw on error. + The list of accessible domains. + + + + Enumerate and open accessible domain objects. + + The desired access for the opened domains. + The list of accessible domains. + + + + Opens the builtin domain on the server. + + The desired access for the object. + True to throw on error. + The SAM domain object. + + + + Opens the builtin domain on the server. + + The desired access for the object. + The SAM domain object. + + + + Opens the user domain on the server. + + The desired access for the object. + True to throw on error. + The SAM domain object. + + + + Opens the user domain on the server. + + The desired access for the object. + The SAM domain object. + + + + Connect to a SAM server. + + The name of the server. Set to null for local connection. + The desired access on the SAM server. + True to throw on error. + The server connection. + + + + Connect to a SAM server. + + The name of the server. Set to null for local connection. + The desired access on the SAM server. + The server connection. + + + + Connect to a SAM server. + + The desired access on the SAM server. + The server connection. + + + + Connect to a SAM server with maximum access. + + The server connection. + + + + Access rights for the SAM server. + + + + + Class to represent a SAM user. + + + + + Get full name for the user. + + True to throw on error. + The full name of the user. + + + + Get home directory for the user. + + True to throw on error. + The home directory of the user. + + + + Get primary group ID for the user. + + True to throw on error. + The primary group ID of the user. + + + + Get user account control flags for the user. + + True to throw on error. + The user account control flags of the user. + + + + Change a user's password. + + The old password. + The new password. + True to throw on error. + The NT status code. + + + + Change a user's password. + + The old password. + The new password. + + + + Set a user's password. + + The password to set. + Whether the password has expired. + True to throw on error. + The NT status code. + + + + Set a user's password. + + The password to set. + Whether the password has expired. + + + + The user name. + + + + + The SID of the user. + + + + + Get full name for the user. + + + + + Get home directory for the user. + + + + + Get user account control flags for the user. + + + + + Is the account disabled? + + + + + Get the primary group SID. + + + + + Access rights for a SAM user object. + + + + + Type of user account to create. + + + + + A user account. + + + + + A workstation trust account. + + + + + A server trust account. + + + + + A temporary duplicate account. + + + + + Inter domain trust account. + + + + + User account control flags. + + + + + Security utilities which call the Win32 APIs. + + + + + Set security using a named object. + + The name of the object. + The type of named object. + The security information to set. + The security descriptor to set. + True to throw on error. + The NT status code. + + + + Set security using a named object. + + The name of the object. + The type of named object. + The security information to set. + The security descriptor to set. + Specify to indicate when to execute progress function. + The security operation to perform on the tree. + Progress function. + + + + Set security using a named object. + + The name of the object. + The type of named object. + The security information to set. + The security descriptor to set. + Specify to indicate when to execute progress function. + The security operation to perform on the tree. + Progress function. + True to throw on error. + The NT status code. + + + + Set security using a named object. + + The name of the object. + The type of named object. + The security information to set. + The security descriptor to set. + The Win32 Error Code. + + + + Set security using an object handle. + + The handle of the object. + The type of object. + The security information to set. + The security descriptor to set. + True to throw on error. + The NT status code. + + + + Set security using an object handle. + + The handle of the object. + The type of object. + The security information to set. + The security descriptor to set. + + + + Set security using an object handle. + + The handle of the object. + The type of object. + The security information to set. + The security descriptor to set. + True to throw on error. + The NT status code. + + + + Set security using an object handle. + + The handle of the object. + The type of object. + The security information to set. + The security descriptor to set. + + + + Reset security using a named object. + + The name of the object. + The type of named object. + The security information to set. + The security descriptor to set. + True to keep explicit ACEs. + Specify to indicate when to execute progress function. + Progress function. + + + + Reset security using a named object. + + The name of the object. + The type of named object. + The security information to set. + The security descriptor to set. + Specify to indicate when to execute progress function. + True to keep explicit ACEs. + Progress function. + True to throw on error. + The NT status code. + + + + Get the source of inherited ACEs. + + The name of the resource. + The type of the resource. + Whether the resource is a container. + Optional list of object types. + The security descriptor for the resource. + True to check the SACL otherwise checks the DACL. + Generic mapping for the resource. + Query security descriptors for sources. + True to throw on error. + The list of inheritance sources. + + + + Get the source of inherited ACEs. + + The name of the resource. + The type of the resource. + Whether the resource is a container. + Optional list of object types. + The security descriptor for the resource. + True to check the SACL otherwise checks the DACL. + Generic mapping for the resource. + Query security descriptors for sources. + The list of inheritance sources. + + + + Get the security descriptor for a named resource. + + The name of the resource. + The type of the resource. + The security information to get. + True to throw on error. + The security descriptor. + + + + Get the security descriptor for a named resource. + + The name of the resource. + The type of the resource. + The security information to get. + The security descriptor. + + + + Get the security descriptor for a resource. + + The handle to the resource. + The type of the resource. + The security information to get. + True to throw on error. + The security descriptor. + + + + Get the security descriptor for a resource. + + The handle to the resource. + The type of the resource. + The security information to get. + The security descriptor. + + + + Get the NT type for a SE Object Type. + + The type of the resource. + The NT type if known, otherwise null. + + + + Lookup a privilege display name. + + The system name to do the lookup on. + The privilege name. + The display name. Empty string on error. + + + + Add a SID to name mapping with LSA. + + The domain name for the SID. The SID must be in the NT authority. + The account name for the SID. Can be null for a domain SID. + The SID to add. + True to throw on error. + The NT status result. + + + + Add a SID to name mapping with LSA. + + The domain name for the SID. + The account name for the SID. Can be null for a domain SID. + The SID to add. + The NT status result. + + + + Remove a SID to name mapping with LSA. + + The domain name for the SID. + The account name for the SID. Can be null for a domain SID. + True to throw on error. + The NT status result. + + + + Remove a SID to name mapping with LSA. + + The domain name for the SID. + The account name for the SID. Can be null for a domain SID. + The NT status result. + + + + Remove a SID to name mapping with LSA. + + The SID to remove. + The NT status result. + + + + Logon a user with a username and password. + + The username. + The user's domain. + The user's password. + The type of logon token. + The Logon provider. + The logged on token. + + + + Logon a user with a username and password. + + The username. + The user's domain. + The user's password. + The type of logon token. + The Logon provider. + True to throw on error. + The logged on token. + + + + Logon a user with a username and password. + + The username. + The user's domain. + The user's password. + The type of logon token. + The Logon provider. + Additional groups to add. Needs SeTcbPrivilege. + The logged on token. + + + + Logon a user with a username and password. + + The username. + The user's domain. + The user's password. + The type of logon token. + The Logon provider. + Additional groups to add. Needs SeTcbPrivilege. + True to throw on error. + The logged on token. + + + + Lookup a SID's internet name. + + The SID to lookup. + True to throw on error. + The name of the sid as an internet account. + This still might return the normal NT4 style account name if the user is not an internet user. + + + + Lookup a SID's internet name. + + The SID to lookup. + The name of the sid as an internet account. + This still might return the normal NT4 style account name if the user is not an internet user. + + + + Retrieve LSA private data. + + The system containing the LSA instance. + The name of the key. + True to throw on error. + The private data as bytes. + + + + Retrieve LSA private data. + + The system containing the LSA instance. + The name of the key. + The private data as bytes. + + + + Retrieve LSA private data. + + The name of the key. + The private data as bytes. + + + + Store LSA private data. + + The system containing the LSA instance. + The name of the key. + The data to store. + True to throw on error. + The NT status code. + + + + Store LSA private data. + + The system containing the LSA instance. + The name of the key. + The data to store. + + + + Store LSA private data. + + The name of the key. + The data to store. + + + + Delete LSA private data. + + The system containing the LSA instance. + The name of the key. + True to throw on error. + The NT status code. + + + + Delete LSA private data. + + The system containing the LSA instance. + The name of the key. + + + + Delete LSA private data. + + The name of the key. + + + + Virtual Key enumeration. + + + + + Left mouse button + + + + + Right mouse button + + + + + Control-break processing + + + + + Middle mouse button (three-button mouse) + + + + + Windows 2000/XP: X1 mouse button + + + + + Windows 2000/XP: X2 mouse button + + + + + BACKSPACE key + + + + + TAB key + + + + + CLEAR key + + + + + ENTER key + + + + + SHIFT key + + + + + CTRL key + + + + + ALT key + + + + + PAUSE key + + + + + CAPS LOCK key + + + + + Input Method Editor (IME) Kana mode + + + + + IME Hangul mode + + + + + IME Junja mode + + + + + IME final mode + + + + + IME Hanja mode + + + + + IME Kanji mode + + + + + ESC key + + + + + IME convert + + + + + IME nonconvert + + + + + IME accept + + + + + IME mode change request + + + + + SPACEBAR + + + + + PAGE UP key + + + + + PAGE DOWN key + + + + + END key + + + + + HOME key + + + + + LEFT ARROW key + + + + + UP ARROW key + + + + + RIGHT ARROW key + + + + + DOWN ARROW key + + + + + SELECT key + + + + + PRINT key + + + + + EXECUTE key + + + + + PRINT SCREEN key + + + + + INS key + + + + + DEL key + + + + + HELP key + + + + + 0 key + + + + + 1 key + + + + + 2 key + + + + + 3 key + + + + + 4 key + + + + + 5 key + + + + + 6 key + + + + + 7 key + + + + + 8 key + + + + + 9 key + + + + + A key + + + + + B key + + + + + C key + + + + + D key + + + + + E key + + + + + F key + + + + + G key + + + + + H key + + + + + I key + + + + + J key + + + + + K key + + + + + L key + + + + + M key + + + + + N key + + + + + O key + + + + + P key + + + + + Q key + + + + + R key + + + + + S key + + + + + T key + + + + + U key + + + + + V key + + + + + W key + + + + + X key + + + + + Y key + + + + + Z key + + + + + Left Windows key (Microsoft Natural keyboard) + + + + + Right Windows key (Natural keyboard) + + + + + Applications key (Natural keyboard) + + + + + Computer Sleep key + + + + + Numeric keypad 0 key + + + + + Numeric keypad 1 key + + + + + Numeric keypad 2 key + + + + + Numeric keypad 3 key + + + + + Numeric keypad 4 key + + + + + Numeric keypad 5 key + + + + + Numeric keypad 6 key + + + + + Numeric keypad 7 key + + + + + Numeric keypad 8 key + + + + + Numeric keypad 9 key + + + + + Multiply key + + + + + Add key + + + + + Separator key + + + + + Subtract key + + + + + Decimal key + + + + + Divide key + + + + + F1 key + + + + + F2 key + + + + + F3 key + + + + + F4 key + + + + + F5 key + + + + + F6 key + + + + + F7 key + + + + + F8 key + + + + + F9 key + + + + + F10 key + + + + + F11 key + + + + + F12 key + + + + + F13 key + + + + + F14 key + + + + + F15 key + + + + + F16 key + + + + + F17 key + + + + + F18 key + + + + + F19 key + + + + + F20 key + + + + + F21 key + + + + + F22 key, (PPC only) Key used to lock device. + + + + + F23 key + + + + + F24 key + + + + + NUM LOCK key + + + + + SCROLL LOCK key + + + + + Left SHIFT key + + + + + Right SHIFT key + + + + + Left CONTROL key + + + + + Right CONTROL key + + + + + Left MENU key + + + + + Right MENU key + + + + + Windows 2000/XP: Browser Back key + + + + + Windows 2000/XP: Browser Forward key + + + + + Windows 2000/XP: Browser Refresh key + + + + + Windows 2000/XP: Browser Stop key + + + + + Windows 2000/XP: Browser Search key + + + + + Windows 2000/XP: Browser Favorites key + + + + + Windows 2000/XP: Browser Start and Home key + + + + + Windows 2000/XP: Volume Mute key + + + + + Windows 2000/XP: Volume Down key + + + + + Windows 2000/XP: Volume Up key + + + + + Windows 2000/XP: Next Track key + + + + + Windows 2000/XP: Previous Track key + + + + + Windows 2000/XP: Stop Media key + + + + + Windows 2000/XP: Play/Pause Media key + + + + + Windows 2000/XP: Start Mail key + + + + + Windows 2000/XP: Select Media key + + + + + Windows 2000/XP: Start Application 1 key + + + + + Windows 2000/XP: Start Application 2 key + + + + + Used for miscellaneous characters; it can vary by keyboard. + + + + + Windows 2000/XP: For any country/region, the '+' key + + + + + Windows 2000/XP: For any country/region, the ',' key + + + + + Windows 2000/XP: For any country/region, the '-' key + + + + + Windows 2000/XP: For any country/region, the '.' key + + + + + Used for miscellaneous characters; it can vary by keyboard. + + + + + Used for miscellaneous characters; it can vary by keyboard. + + + + + Used for miscellaneous characters; it can vary by keyboard. + + + + + Used for miscellaneous characters; it can vary by keyboard. + + + + + Used for miscellaneous characters; it can vary by keyboard. + + + + + Used for miscellaneous characters; it can vary by keyboard. + + + + + Used for miscellaneous characters; it can vary by keyboard. + + + + + Windows 2000/XP: Either the angle bracket key or the backslash key on the RT 102-key keyboard + + + + + Windows 95/98/Me, Windows NT 4.0, Windows 2000/XP: IME PROCESS key + + + + + Windows 2000/XP: Used to pass Unicode characters as if they were keystrokes. + The VK_PACKET key is the low word of a 32-bit Virtual Key value used for non-keyboard input methods. For more information, + see Remark in KEYBDINPUT, SendInput, WM_KEYDOWN, and WM_KEYUP + + + + + Attn key + + + + + CrSel key + + + + + ExSel key + + + + + Erase EOF key + + + + + Play key + + + + + Zoom key + + + + + Reserved + + + + + PA1 key + + + + + Clear key + + + + + Class representing the information about a service. + + + + + The name of the service. + + + + + The security descriptor of the service. + + + + + The list of triggers for the service. + + + + + The service SID setting. + + + + + The service launch protected setting. + + + + + The service required privileges. + + + + + The service type. + + + + + Service start type. + + + + + Error control. + + + + + Binary path name. + + + + + Load order group. + + + + + Tag ID for load order. + + + + + Dependencies. + + + + + Display name. + + + + + Service start name. For user mode services this is the username, for drivers it's the driver name. + + + + + Indicates this service is set to delayed automatic start. + + + + + The user name this service runs under. + + + + + Type of service host when using Win32Share. + + + + + Service main function when using Win32Share. + + + + + Image path for the service. + + + + + Get name of the target image, either the ServiceDll or ImagePath. + + + + + Service DLL if a shared process server. + + + + + The name of the machine this service was found on. + + + + + Indicates if this service process is grouped with others. + + + + + Class to represent custom data for a service trigger. + + + + + The type of data. + + + + + The raw custom data. + + + + + The custom data as a string. + + + + + The custom data as an array of strings (only useful for String type). + + + + + Overidden ToString method. + + The data as a string. + + + + Trigger information for a service. + + + + + The type of service trigger. + + + + + The service trigger action. + + + + + The sub-type GUID. + + + + + The description of the sub type. + + + + + Custom data. + + + + + Overridden ToString method. + + The trigger as a string. + + + + Trigger the service. + + + + + Service trigger type. + + + + + Represents an action that the service control manager can perform. + + + + + The action to be performed. + + + + + The time to wait before performing the specified action, in milliseconds. + + + + The action to be performed. + The time to wait before performing the specified action, in milliseconds. + + + + Utilities for accessing services. + + + + + The name of the fake NT type for a service. + + + + + The name of the fake NT type for the SCM. + + + + + Get the generic mapping for the SCM. + + The SCM generic mapping. + + + + Get the generic mapping for a service. + + The service generic mapping. + + + + Get the security descriptor of the SCM. + + The SCM security descriptor. + + + + Get the security descriptor of the SCM. + + The name of a target computer. Can be null or empty to specify local machine. + Parts of the security descriptor to return. + True to throw on error. + The SCM security descriptor. + + + + Get the security descriptor of the SCM. + + The name of a target computer. Can be null or empty to specify local machine. + Parts of the security descriptor to return. + The SCM security descriptor. + + + + Get the security descriptor of the SCM. + + Parts of the security descriptor to return. + True to throw on error. + The SCM security descriptor. + + + + Get the security descriptor of the SCM. + + Parts of the security descriptor to return. + The SCM security descriptor. + + + + Get the security descriptor for a service. + + The name of the service. + Parts of the security descriptor to return. + True to throw on error. + The name of a target computer. Can be null or empty to specify local machine. + The security descriptor. + + + + Get the security descriptor for a service. + + The name of the service. + Parts of the security descriptor to return. + The name of a target computer. Can be null or empty to specify local machine. + The security descriptor. + + + + Get the security descriptor for a service. + + The name of the service. + Parts of the security descriptor to return. + True to throw on error. + The security descriptor. + + + + Get the security descriptor for a service. + + The name of the service. + Parts of the security descriptor to return. + The security descriptor. + + + + Set the SCM security descriptor. + + The name of a target computer. Can be null or empty to specify local machine. + The security descriptor to set. + The parts of the security descriptor to set. + True to throw on error. + The NT status code. + + + + Set the SCM security descriptor. + + The name of a target computer. Can be null or empty to specify local machine. + The security descriptor to set. + The parts of the security descriptor to set. + + + + Set the SCM security descriptor. + + The security descriptor to set. + The parts of the security descriptor to set. + True to throw on error. + The NT status code. + + + + Set the SCM security descriptor. + + The security descriptor to set. + The parts of the security descriptor to set. + + + + Get the information about a service. + + The name of the service. + The name of a target computer. Can be null or empty to specify local machine. + True to throw on error. + The service information. + + + + Get the information about a service. + + The name of the service. + The name of a target computer. Can be null or empty to specify local machine. + The service information. + + + + Get the information about a service. + + The name of the service. + True to throw on error. + The service information. + + + + Set the security descriptor for a service. + + The name of the service. + The name of a target computer. Can be null or empty to specify local machine. + The security descriptor to set. + The security information to set. + True to throw on error. + The NT status. + + + + Set the security descriptor for a service. + + The name of the service. + The name of a target computer. Can be null or empty to specify local machine. + The security descriptor to set. + The security information to set. + + + + Set the security descriptor for a service. + + The name of the service. + The security descriptor to set. + The security information to set. + True to throw on error. + The NT status. + + + + Set the security descriptor for a service. + + The name of the service. + The security descriptor to set. + The security information to set. + + + + Get the information about a service. + + The name of the service. + The service information. + + + + Get the information about all services. + + The name of a target computer. Can be null or empty to specify local machine. + The types of services to return. + The list of service information. + + + + Get the information about all services. + + The types of services to return. + The list of service information. + + + + Get the PID of a running service. + + The name of the service. + Returns the PID of the running service, or 0 if not running. + Thrown on error. + + + + Get the PIDs of a list of running service. + + The names of the services. + Returns the PID of the running service, or 0 if not running. + Thrown on error. + + + + Get a running service by name. + + The name of the service. + The name of a target computer. Can be null or empty to specify local machine. + True to throw on error. + The running service. + This will return active and non-active services as well as drivers. + + + + Get a running service by name. + + The name of the service. + The name of a target computer. Can be null or empty to specify local machine. + The running service. + This will return active and non-active services as well as drivers. + + + + Get a running service by name. + + The name of the service. + The running service. + True to throw on error. + This will return active and non-active services as well as drivers. + + + + Get a running service by name. + + The name of the service. + The running service. + This will return active and non-active services as well as drivers. + + + + Get a list of all registered services. + + The name of a target computer. Can be null or empty to specify local machine. + Specify state of services to get. + Specify the type filter for services. + A list of registered services. + + + + Get a list of all registered services. + + Specify state of services to get. + Specify the type filter for services. + A list of registered services. + + + + Get flags for all user service types. + + The flags for user service types. + + + + Get flags for all kernel driver types. + + The flags for kernel driver types. + + + + Get a list of all registered services. + + A list of registered services. + + + + Get a list of all active running services with their process IDs. + + A list of all active running services with process IDs. + + + + Get a list of all drivers. + + A list of all drivers. + + + + Get a list of all active running drivers. + + A list of all active running drivers. + + + + Get a list of all services and drivers. + + A list of all services and drivers. + + + + Get a list of all services and drivers. + + A list of all services and drivers. + + + + Get a fake NtType for a service. + + Service returns the service type, SCM returns SCM type. + The fake service NtType. Returns null if not a recognized type. + + + + Create a new service. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The display name for the service. + The service type. + The service start type. + Error control. + Path to the service executable. + Load group order. + List of service dependencies. + The username for the service. + Password for the username if needed. + True to throw on error. + The registered service information. + + + + Create a new service. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The display name for the service. + The service type. + The service start type. + Error control. + Path to the service executable. + Load group order. + List of service dependencies. + The username for the service. + Password for the username if needed. + The registered service information. + + + + Create a new service. + + The name of the service. + The display name for the service. + The service type. + The service start type. + Error control. + Path to the service executable. + Load group order. + List of service dependencies. + The username for the service. + Password for the username if needed. + True to throw on error. + The registered service information. + + + + Create a new service. + + The name of the service. + The display name for the service. + The service type. + The service start type. + Error control. + Path to the service executable. + Load group order. + List of service dependencies. + The username for the service. + Password for the username if needed. + The registered service information. + + + + Delete a service. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + True to throw on error. + The NT status. + + + + Delete a service. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The NT status. + + + + Delete a service. + + The name of the service. + True to throw on error. + The NT status. + + + + Delete a service. + + The name of the service. + + + + Send a control code to a service. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The control code to send. If >= 128 will be sent as a custom control code. + True to throw on error. + The NT status code. + + + + Send a control code to a service. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The control code to send. If >= 128 will be sent as a custom control code. + + + + Send a control code to a service. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The control code to send. If >= 128 will be sent as a custom control code. + + + + Send a control code to a service. + + The name of the service. + The control code to send. If >= 128 will be sent as a custom control code. + + + + Send a control code to a service. + + The name of the service. + The control code to send. If >= 128 will be sent as a custom control code. + + + + Change service configuration. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The display name for the service. + The service type. + The service start type. + Error control. + Path to the service executable. + Load group order. + The tag ID. + List of service dependencies. + The username for the service. + Password for the username if needed. + True to throw on error. + The NT status code. + + + + Change service configuration. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The display name for the service. + The service type. + The service start type. + Error control. + Path to the service executable. + The tag ID. + Load group order. + List of service dependencies. + The username for the service. + Password for the username if needed. + + + + Change service configuration. + + The name of the service. + The display name for the service. + The service type. + The service start type. + Error control. + Path to the service executable. + The tag ID. + Load group order. + List of service dependencies. + The username for the service. + Password for the username if needed. + True to throw on error. + The NT status code. + + + + Change service configuration. + + The name of the service. + The display name for the service. + The service type. + The service start type. + Error control. + Path to the service executable. + The tag ID. + Load group order. + List of service dependencies. + The username for the service. + Password for the username if needed. + + + + Start a service by name. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + Optional arguments to pass to the service. + True to throw on error. + The status code for the service. + + + + Start a service by name. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + Optional arguments to pass to the service. + + + + Start a service by name. + + The name of the service. + Optional arguments to pass to the service. + True to throw on error. + The status code for the service. + + + + Start a service by name. + + The name of the service. + Optional arguments to pass to the service. + The status code for the service. + + + + Set a service's SID type. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The SID type to set. + True to throw on error. + The NT status code. + + + + Set a service's SID type. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The SID type to set. + + + + Set a service's SID type. + + The name of the service. + The SID type to set. + True to throw on error. + The NT status code. + + + + Set a service's SID type. + + The name of the service. + The SID type to set. + + + + Set a service's delayed auto-start. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + If true, the service is started after other auto-start services are started plus a short delay. Otherwise, the service is started during system boot. + True to throw on error. + The NT status code. + + + + + + + + + + + + + + + Set a service's failure recover actions. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + Actions to be performed on service failure. +
If this value is null, is ignored. +
If this value is empty, the reset period and array of failure actions are deleted. + The time after which to reset the failure count to zero if there are no failures, in seconds. Specify -1 to indicate that this value should never be reset. + The command line of the process for the CreateProcess function to execute in response to the command run service controller action. +
This process runs under the same account as the service. +
If this value is null, the command is unchanged. +
If the value is an empty string (""), the command is deleted and no program is run when the service fails. + The message to be broadcast to server users before rebooting in response to the reboot action service controller action. +
If this value is null, the reboot message is unchanged. +
If the value is an empty string (""), the reboot message is deleted and no message is broadcast. +
This member can specify a localized string using the following format: @[path]dllname,-strID +
The string with identifier strID is loaded from dllname; path is optional. + True to throw on error. + The NT status code. + + + + + + + + + + + + + + + Set a service's required privileges. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The required privileges. + True to throw on error. + The NT status code. + + + + Set a service's required privileges. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The required privileges. + + + + Set a service's required privileges. + + The name of the service. + The required privileges. + True to throw on error. + The NT status code. + + + + Set a service's required privileges. + + The name of the service. + The required privileges. + + + + Set a service's launch protected type. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The protected type. + True to throw on error. + The NT status code. + + + + Set a service's launch protected type. + + The name of a target computer. Can be null or empty to specify local machine. + The name of the service. + The protected type. + + + + Set a service's required privileges. + + The name of the service. + The protected type. + True to throw on error. + The NT status code. + + + + Set a service's SID type. + + The name of the service. + The protected type. + + + + A service trigger for an ETW event. + + + + + The security descriptor for the ETW event. Needs administrator privileges. + + + + + Trigger the service. + + + + + Service trigger for firewall port interface. + + + + + The port for the firewall service trigger. + + + + + The protocol for the firewall service trigger. + + + + + The protocol for the firewall service trigger. + + + + + The protocol for the firewall service trigger. + + + + + Service trigger for a named pipe. + + + + + The path to the named pipe. + + + + + Service trigger for an RPC interface. + + + + + List of interface ID for the RPC server. + + + + + Class to represent a handle to the SCM. + + + + + Active services database. + + + + + Failed services database. + + + + + Open an instance of the SCM. + + The machine name for the SCM. + The database name. Specify SERVICES_ACTIVE_DATABASE or SERVICES_FAILED_DATABASE. + If null then SERVICES_ACTIVE_DATABASE is used. + The desired access for the SCM connection. + True to throw on error. + The SCM instance. + + + + Open an instance of the SCM. + + The machine name for the SCM. + The database name. Specify SERVICES_ACTIVE_DATABASE or SERVICES_FAILED_DATABASE. + If null then SERVICES_ACTIVE_DATABASE is used. + The desired access for the SCM connection. + The SCM instance. + + + + Open an instance of the SCM. + + The machine name for the SCM. + The desired access for the SCM connection. + The SCM instance. + + + + Get the Win32 services for the SCM. + + The state of the services to return. + The types of services to return. + True throw on error. + The list of services. + SCM must have been opened with EnumerateService access. + + + + Get the Win32 services for the SCM. + + The state of the services to return. + The types of services to return. + The list of services. + SCM must have been opened with EnumerateService access. + + + + Dispose the object. + + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + True to throw on error. + The security descriptor + + + + Get the security descriptor specifying which parts to retrieve + + What parts of the security descriptor to retrieve + The security descriptor + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + True to throw on error. + + + + Set the object's security descriptor + + The security descriptor to set. + What parts of the security descriptor to set + + + + Service trigger for a WNF event. + + + + + The WNF name. + + + + + Represents a loaded module from the symbol resolver. + + + + + The name of the module. + + + + + The base address of the module. + + + + + The image size of the module. + + + + + Get the path to the loaded PDB file is known. + + + + + True indicates this module only has export symbols. + + + + + Query names of types for this module. + + The list of type names. + + + + Query types in a module. + + The list of types. + + + + Get a type by name. + + The name of the type. + + + + + Query types by name + + A mask string for the type name. e.g. mod!ABC* + The list of types. + + + + Returns the name of the module. + + The name of the module. + + + + Static class for creating symbolic resolvers. + + + + + Create a new instance of a symbol resolver. + + The process in which the symbols should be resolved. + The path to dbghelp.dll, ideally should use the one which comes with Debugging Tools for Windows. + The symbol path. + Flags for the symbol resolver. + A text writer for output when specifying the TraceSymbolLoading flag. + The instance of a symbol resolver. Should be disposed when finished. + + + + Create a new instance of a symbol resolver. + + The process in which the symbols should be resolved. + The path to dbghelp.dll, ideally should use the one which comes with Debugging Tools for Windows. + The symbol path. + The instance of a symbol resolver. Should be disposed when finished. + + + + Create a new instance of a symbol resolver. Uses the system dbghelp library and symbol path + from _NT_SYMBOL_PATH environment variable. + + The process in which the symbols should be resolved. + The instance of a symbol resolver. Should be disposed when finished. + + + + Enumeration for safer level. + + + + + Constrained. + + + + + Fully trusted. + + + + + Normal user. + + + + + Untrusted. + + + + + Class to access tokens through various mechanisms. + + + + + Logon a user using S4U + + The username. + The user's realm. + + The logged on token. + + + + Get the anonymous token. + + The access rights for the opened token. + The anonymous token. + + + + Get the anonymous token. + + The anonymous token. + + + + Logon a user. + + The username. + The user's domain. + The user's password. + The logon token's type. + Optional list of additonal groups to add. + The logged on token. + + + + Logon a user. + + The username. + The user's domain. + The user's password. + The logon token's type. + Optional list of additonal groups to add. + The Logon provider. + The logged on token. + + + + Logon a user. + + The username. + The user's domain. + The user's password. + The logon token's type. + Optional list of additonal groups to add. + The Logon provider. + True to throw on error. + The logged on token. + + + + Open the current clipboard token. + + + + + + + + Get the token from the clipboard. + + The access rights for the opened token. + The clipboard token. + + + + Get the token from the clipboard. + + The clipboard token. + + + + Derive a package sid from a name. + + The name of the package. + True to throw on error. + The derived Sid + + + + Derive a package sid from a name. + + The name of the package. + The derived Sid + + + + Derive a restricted package sid from an existing pacakge sid. + + The base package sid. + The restricted name for the sid. + True to throw on error. + The derived Sid. + + + + Derive a restricted package sid from an existing pacakge sid. + + The base package sid. + The restricted name for the sid. + The derived Sid. + + + + Derive a restricted package sid from an existing package sid. + + The base package name. + The restricted name for the sid. + The derived Sid. + + + + Get the package SID from a name. + + The name of the package, can be either an SDDL SID or a package name. + The derived SID. + + + + Get a safer token. + + The base token. + The safer level to use. + True to make the token inert. + The safer token. + + + + Get session token for a session ID. + + The session ID. + The session token. + + + + Get tokens for all logged on sessions. + + Needs SeTcbPrivilege to work. + The list of session tokens. + + + + Create an AppContainer token using the CreateAppContainerToken API. + + The token to base the new token on. Can be null. + The AppContainer package SID. + List of capabilities. + True to throw on error. + The appcontainer token. + This exported function was only introduced in RS3 + + + + Create an AppContainer token using the CreateAppContainerToken API. + + The token to base the new token on. Can be null. + The AppContainer package SID. + List of capabilities. + The appcontainer token. + This exported function was only introduced in RS3 + + + + Create an AppContainer token using the CreateAppContainerToken API. + + The AppContainer package SID. + List of capabilities. + The appcontainer token. + This exported function was only introduced in RS3 + + + + Win32 Error Codes. + + + + + Flags for DefineDosDevice + + + + + None + + + + + Specify a raw target path + + + + + Remove existing definition + + + + + Only remove exact matches to the target + + + + + Don't broadcast changes to the system + + + + + Disposition values for CreateFile. + + + + + Create a new file. Fail if it exists. + + + + + Always create a new file, overwrite if it exists. + + + + + Open a file, fail if it doesn't exist. + + + + + Open a file, create if it doesn't exist. + + + + + Truncate existing file. + + + + + Flags for GetWin32PathName. + + + + + No flags. + + + + + GUID format. + + + + + NT format. + + + + + No specific format. + + + + + Opened file name. + + + + + Class representing a win32 process. + + + + + Create process with a token. + + The token to create the process with. + The process configuration. + The created win32 process. + + + + Create process with a token. + + The token to create the process with. + The path to the executable. + The process command line. + Process creation flags. + The desktop name. + The created win32 process. + + + + Create process with a token from a user logon. + + The username. + The user's domain. + The user's password. + Logon flags. + The process configuration. + The created win32 process. + + + + Create process with a token from a user logon. + + The user's credentials. + Logon flags. + The process configuration. + True to throw on error. + The created win32 process. + + + + Create process with a token from a user logon. + + The user's credentials. + Logon flags. + The process configuration. + The created win32 process. + + + + Create process with a token from a user logon. + + The username. + The user's domain. + The user's password. + Logon flags. + The process configuration. + The created win32 process. + + + + Create process with a token from a user logon. + + The username. + The user's domain. + The user's password. + Logon flags. + The path to the executable. + The process command line. + Process creation flags. + The desktop name. + The created win32 process. + + + + Create process with a token. + + The token to create the process with. + The process configuration. + The created win32 process. + + + + Create process. + + The process configuration. + The created win32 process. + + + + Create process. + + Optional parent process. + The path to the executable. + The process command line. + Process creation flags. + The desktop name. + The created win32 process. + + + + Dispose the process. + + + + + Resume the entire process. + + + + + Suspend the entire process. + + + + + Terminate the process + + The exit code for the termination + + + + The handle to the process. + + + + + The handle to the initial thread. + + + + + The process ID of the process. + + + + + The thread ID of the initial thread. + + + + + True to terminate process when disposed. + + + + + Get the process' exit status. + + + + + Get the process' exit status as an NtStatus code. + + + + + Explicit conversion operator to an NtThread object. + + The win32 process + + + + Explicit conversion operator to an NtProcess object. + + The win32 process + + + + Specify the CreateProcess API to use with a Token. + + + + + Use CreateProcessAsUser, if that fails use CreateProcessWithToken. + + + + + Use only CreateProcessAsUser. + + + + + User only CreateProcessWithToken. + + + + + Win32 process creation configuration. + + + + + Specify security descriptor of process. + + + + + Specify process handle is inheritable. + + + + + Specify security descriptor of thread. + + + + + Specify thread handle is inheritable. + + + + + Specify to inherit handles. + + + + + Specify parent process. + + + + + Specify path to application executable. + + + + + Specify command line. + + + + + Specify creation flags. + + + + + Specify environment block. + + + + + Specify current directory. + + + + + Specify desktop name. + + + + + Specify window title. + + + + + True to terminate the process when it's disposed. + + + + + Specify the mitigation options. + + + + + Specify the mitigation options 2. + + + + + Specify win32k filter flags. + + + + + Specify win32k filter level. + + + + + Specify PP level. + + + + + Specify list of handles to inherit. + + + + + Specify the appcontainer Sid. + + + + + Specify the appcontainer capabilities. + + + + + Specify LPAC. + + + + + Restrict the process from creating child processes. + + + + + Override child process creation restriction. + + + + + Set child process mitigation flags. + + + + + Specify new process policy when creating a desktop bridge application. + + + + + Specify a token to use for the new process. + + + + + Specify a stdin handle for the new process (you must inherit the handle). + + + + + Specify a stdout handle for the new process (you must inherit the handle). + + + + + Specify a stderror handle for the new process (you must inherit the handle). + + + + + Specify the package name to use. + + + + + Specify handle to pseudo console. + + + + + Specify Base Named Objects isolation prefix. + + + + + Specify the safe open prompt original claim. + + + + + When specifying the debug flags use this debug object instead of the current thread's object. + + + + + When specified do not fallback to using CreateProcessWithToken if CreateProcessWithUser fails. + + + + + Specify additional extended flags. + + + + + Specify list of handles to inherit. + + + + + Specify a service window station and desktop. + + + + + Specify authentication credentials for CreateProcessWithLogon. + + + + + Specify logon flags for the Credentials or when calling CreateProcessWithToken. + + + + + Specify the type of API to call when specifying a token. + + + + + Specify component filter flags. + + + + + Add an object's handle to the list of inherited handles. + + The object to add. + The raw handle value. + Note that this doesn't maintain a reference to the object. It should be kept + alive until the process has been created. + + + + Add an AppContainer capability by name. + + The name of the capability. + + + + Add an AppContainer capability by name. + + The capability SID. + + + + Set AppContainer SID from a package name. + + The package name. + + + + Constructor. + + + + + Flags for create process. + + + + + No flags. + + + + + Debug process. + + + + + Debug only this process. + + + + + Create suspended. + + + + + Detach process. + + + + + Create a new console. + + + + + Normal priority class. + + + + + Idle priority class. + + + + + High priority class. + + + + + Realtime priority class. + + + + + Create a new process group. + + + + + Create from a unicode environment. + + + + + Create a separate WOW VDM. + + + + + Share the WOW VDM. + + + + + Force DOS process. + + + + + Below normal priority class. + + + + + Above normal priority class. + + + + + Inherit parent affinity. + + + + + Inherit caller priority (deprecated) + + + + + Create a protected process. + + + + + Specify extended startup information is present. + + + + + Process mode background begin. + + + + + Process mode background end. + + + + + Create a secure process. + + + + + Breakaway from a job object. + + + + + Preserve code authz level. + + + + + Default error mode. + + + + + No window. + + + + + Profile user. + + + + + Profile kernel. + + + + + Profile server. + + + + + Ignore system default. + + + + + Flags for CreateProcessWithLogon + + + + + No flags. + + + + + With a profile. + + + + + Using network credentials. + + + + + Win32k filter flags. + + + + + No flags. + + + + + Enable filter. + + + + + Audit filter. + + + + + Flags for create thread. + + + + + No flags. + + + + + Create suspended. + + + + + Stack size is a reservation. + + + + + Specify PPL level. + + + + + None + + + + + Safe level as parent. + + + + + Tcb PPL + + + + + Windows PP + + + + + Windows PPL + + + + + Antimalware PPL + + + + + LSA PPL + + + + + Tcb PP + + + + + Code Generation PPL + + + + + Authenticode PP + + + + + App PPL + + + + + Extended process flags. + + + + + No flags. + + + + + Log elevation failure. + + + + + Ignore elevation requirements. + + + + + Force job breakaway (needs TCB privilege). + + + + + Process mitigation option flags. + + + + + Process mitigation option 2 flags. + + + + + Class representing a service instance. + + + + + The name of the service. + + + + + The description of the service. + + + + + Type of service. + + + + + Image path for the service. + + + + + Command line for the service. + + + + + Service DLL if a shared process server. + + + + + Current service status. + + + + + What controls are accepted by the service. + + + + + Whether the service can be stopped. + + + + + The Win32 exit code. + + + + + The service specific exit code, if Win32ExitCode is Win32Error.ERROR_SERVICE_SPECIFIC_ERROR. + + + + + The checkpoint while starting. + + + + + Waiting hint time. + + + + + Service flags. + + + + + Process ID of the running service. + + + + + The security descriptor of the service. + + + + + The list of triggers for the service. + + + + + The service SID type. + + + + + The service launch protected setting. + + + + + The service required privileges. + + + + + Service start type. + + + + + Whether the service is a delayed auto start service. + + + + + Error control. + + + + + Load order group. + + + + + Tag ID for load order. + + + + + Dependencies. + + + + + The user name this service runs under. + + + + + Type of service host when using Win32Share. + + + + + Service main function when using Win32Share. + + + + + Indicates if this service process is grouped with others. + + + + + The name of the machine this service was found on. + + + + + Overridden ToString method. + + The name of the service. + + + + Utilities for Win32 APIs. + + + + + Get a mask dictionary for a type. + + The enumerated type to query for names. + The valid access. + A dictionary mapping a mask value to a name. + + + + Get a mask dictionary for a type. + + The enumerated type to query for names. + The valid access. + Specify to get the SDK name instead of a formatting enumerated name. + A dictionary mapping a mask value to a name. + + + + Display the edit security dialog. + + Parent window handle. + NT object to display the security. + The name of the object to display. + True to force the UI to read only. + + + + Display the edit security dialog. + + Parent window handle. + The name of the object to display. + The security descriptor to display. + The NT type of the object. + + + + Display the edit security dialog. + + Parent window handle. + The name of the object to display. + The security descriptor to display. + An enumerated type for the access mask. + Generic mapping for the access rights. + Valid access mask for the access rights. + + + + Define a new DOS device. + + The dos device flags. + The device name to define. + The target path. + + + + Get Windows INVALID_HANDLE_VALUE. + + + + + Parse a command line into arguments. + + The parsed command line. + The list of arguments. + + + + Get the image path from a command line. + + The command line to parse. + The image path, returns the original command line if can't find a valid image path. + + + + Get Win32 path name for a file. + + The file to get the path from. + Flags for the path to return. + True to throw on error. + The win32 path. + + + + Get Win32 path name for a file. + + The file to get the path from. + Flags for the path to return. + The win32 path. + + + + Format a message. + + The module containing the message. + The ID of the message. + The message. Empty string on error. + + + + Format a message. + + The ID of the message. + The message. Empty string on error. + + + + Open a file with the Win32 CreateFile API. + + The filename to open. + The desired access. + The share mode. + Optional security descriptor. + True to set the handle as inheritable. + Creation disposition. + Flags and attributes. + Optional template file. + True to throw on error. + The opened file handle. + + + + Open a file with the Win32 CreateFile API. + + The filename to open. + The desired access. + The share mode. + Optional security descriptor. + True to set the handle as inheritable. + Creation disposition. + Flags and attributes. + Optional template file. + The opened file handle. + + + + Open a file with the Win32 CreateFile API. + + The filename to open. + The desired access. + The share mode. + Creation disposition. + Flags and attributes. + True to throw on error. + The opened file handle. + + + + Open a file with the Win32 CreateFile API. + + The filename to open. + The desired access. + The share mode. + Creation disposition. + Flags and attributes. + The opened file handle. + + + + Send key down events. + + The key codes to send. + + + + Send key down events. + + The key codes to send. + + + + Send key down then up events. + + The key codes to send. + This will send all keys down first, then all up. + + + + This creates a Window Station using the User32 API. + + The name of the Window Station. + The Window Station. + + + + Create a remote thread. + + The process to create the thread in. + The thread security descriptor. + Whether the handle should be inherited. + The size of the stack. 0 for default. + Start address for the thread. + Parameter to pass to the thread. + The flags for the thread creation. + True to throw on error. + The created thread. + Thrown on error. + + + + Create a remote thread. + + The process to create the thread in. + The thread security descriptor. + Whether the handle should be inherited. + The size of the stack. 0 for default. + Start address for the thread. + Parameter to pass to the thread. + The flags for the thread creation. + The created thread. + Thrown on error. + + + + Create a remote thread. + + The process to create the thread in. + Start address for the thread. + Parameter to pass to the thread. + The flags for the thread creation. + The created thread. + Thrown on error. + + + + Get a list of all console sessions. + + True to throw on error. + The list of console sessions. + + + + Get a list of all console sessions. + + The list of console sessions. + + + + Write debug string to output. + + The debug string to write. + + +