From a0e59489e399f8849b2b2c814670cf7742f92635 Mon Sep 17 00:00:00 2001 From: James Forshaw Date: Tue, 21 Jan 2020 13:57:47 -0800 Subject: [PATCH] Updated to v1.1.26. --- NtApiDotNet/NtApiDotNet.Core.csproj | 4 +-- NtApiDotNet/NtApiDotNet.nuspec | 30 +++++++++++++-------- NtApiDotNet/Properties/AssemblyInfo.cs | 6 ++--- NtObjectManager/NtObjectManager.Core.csproj | 4 +-- NtObjectManager/NtObjectManager.psd1 | 29 +++++++++++++------- NtObjectManager/Properties/AssemblyInfo.cs | 6 ++--- README.txt | 22 ++++++++++++++- 7 files changed, 70 insertions(+), 31 deletions(-) diff --git a/NtApiDotNet/NtApiDotNet.Core.csproj b/NtApiDotNet/NtApiDotNet.Core.csproj index d9a6ad350..7827a8dae 100644 --- a/NtApiDotNet/NtApiDotNet.Core.csproj +++ b/NtApiDotNet/NtApiDotNet.Core.csproj @@ -7,8 +7,8 @@ James Forshaw Google Inc. NtApiDotNet - 1.1.25.0 - Copyright © Google Inc. 2016, 2017, 2018, 2019 + 1.1.26.0 + Copyright © Google Inc. 2016-2020 1.0.0.0 https://www.apache.org/licenses/LICENSE-2.0 https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools diff --git a/NtApiDotNet/NtApiDotNet.nuspec b/NtApiDotNet/NtApiDotNet.nuspec index 6009cda46..d1775489b 100644 --- a/NtApiDotNet/NtApiDotNet.nuspec +++ b/NtApiDotNet/NtApiDotNet.nuspec @@ -11,19 +11,27 @@ false A .NET class library to access native NT API system calls -1.1.24 +1.1.26 -------- -* Added Add-NtTokenSecurityAttribute and Remove-NtTokenSecurityAttribute cmdlets. -* Added additional properties for running servies. -* Added support for drivers to Get-RunningService and Get-AccesibleService. -* Added fake service NtType objects for services and SCM to allow formatting and the UI. -* Added NtType property to security descriptors. -* Added option to Show-NtToken to elevate to admin. -* Added Suspend, Resume and Stop process commands. -* Added Get-NtEaBuffer and Set-NtEaBuffer commands. -* Added open to Get-NtDebug to get from a process. +* Add DeviceGuid to Get/New-NtFile +* Fixed bug in ETA registrations and added GUID enumeration. +* Added SetExceptionPort to NtProcess. +* Added child process mitigation improvements. +* Added extended Fork. +* Updated native process creation support. +* Various new non-throwing methods. +* Updated to C# 7.3. +* Added list of access rights to NtType. +* Added default mandatory policy to NtType. +* Added SetDisposition methods to NtFile. +* Added console and GUI support for Object ACEs. +* Updated access checking to support Object Types. +* Access check returns a structure rather than just an access mask. +* CPP style NDR formatting (#21) +* Added Get-NtTokenPrivilege command. +* Added Get-NtLocallyUniqueId command. - Copyright Google Inc. 2017, 2018, 2019 + Copyright Google Inc. 2016-2020 syscalls \ No newline at end of file diff --git a/NtApiDotNet/Properties/AssemblyInfo.cs b/NtApiDotNet/Properties/AssemblyInfo.cs index 1baa39d9e..abb5b3370 100644 --- a/NtApiDotNet/Properties/AssemblyInfo.cs +++ b/NtApiDotNet/Properties/AssemblyInfo.cs @@ -9,7 +9,7 @@ [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("Google Inc.")] [assembly: AssemblyProduct("NtApiDotNet")] -[assembly: AssemblyCopyright("Copyright © Google Inc. 2016, 2017, 2018, 2019")] +[assembly: AssemblyCopyright("Copyright © Google Inc. 2016-2020")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] @@ -32,5 +32,5 @@ // by using the '*' as shown below: // [assembly: AssemblyVersion("1.0.*")] [assembly: AssemblyVersion("1.0.0.0")] -[assembly: AssemblyFileVersion("1.1.25.0")] -[assembly: AssemblyInformationalVersion("1.1.25")] \ No newline at end of file +[assembly: AssemblyFileVersion("1.1.26.0")] +[assembly: AssemblyInformationalVersion("1.1.26")] \ No newline at end of file diff --git a/NtObjectManager/NtObjectManager.Core.csproj b/NtObjectManager/NtObjectManager.Core.csproj index 14aafaee4..a33b8265b 100644 --- a/NtObjectManager/NtObjectManager.Core.csproj +++ b/NtObjectManager/NtObjectManager.Core.csproj @@ -7,8 +7,8 @@ James Forshaw Google Inc. NtObjectManager - 1.1.25.0 - Copyright © Google Inc. 2016, 2017, 2018, 2019 + 1.1.26.0 + Copyright © Google Inc. 2016-2020 1.0.0.0 https://www.apache.org/licenses/LICENSE-2.0 https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools diff --git a/NtObjectManager/NtObjectManager.psd1 b/NtObjectManager/NtObjectManager.psd1 index e442ba48b..8ad525162 100644 --- a/NtObjectManager/NtObjectManager.psd1 +++ b/NtObjectManager/NtObjectManager.psd1 @@ -18,7 +18,7 @@ RootModule = 'NtObjectManager.psm1' # Version number of this module. -ModuleVersion = '1.1.25' +ModuleVersion = '1.1.26' # ID used to uniquely identify this module GUID = 'ac251c97-67a6-4bc4-bb8a-5ae300e93030' @@ -30,7 +30,7 @@ Author = 'James Forshaw' CompanyName = 'Google Inc.' # Copyright statement for this module -Copyright = '(c) 2016, 2017, 2018, 2019 Google Inc. All rights reserved.' +Copyright = '(c) 2016-2020 Google Inc. All rights reserved.' # Description of the functionality provided by this module Description = 'This module adds a provider and cmdlets to access the NT object manager namespace.' @@ -117,14 +117,25 @@ PrivateData = @{ ProjectUri = 'https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools' # ReleaseNotes of this module - ReleaseNotes = '1.1.25 + ReleaseNotes = '1.1.26 -------- -* Added new options to Get-NtSecurityDescriptor. -* Updated accessible resource checking. -* Added Remove-NtTokenPrivilege. -* Added Session option to Get-NtToken. -* Added command line option to Show-NtToken. -* Added information classes for symbolic links. +* Add DeviceGuid to Get/New-NtFile +* Fixed bug in ETA registrations and added GUID enumeration. +* Added SetExceptionPort to NtProcess. +* Added child process mitigation improvements. +* Added extended Fork. +* Updated native process creation support. +* Various new non-throwing methods. +* Updated to C# 7.3. +* Added list of access rights to NtType. +* Added default mandatory policy to NtType. +* Added SetDisposition methods to NtFile. +* Added console and GUI support for Object ACEs. +* Updated access checking to support Object Types. +* Access check returns a structure rather than just an access mask. +* CPP style NDR formatting (#21) +* Added Get-NtTokenPrivilege command. +* Added Get-NtLocallyUniqueId command. ' # External dependent modules of this module diff --git a/NtObjectManager/Properties/AssemblyInfo.cs b/NtObjectManager/Properties/AssemblyInfo.cs index 2a4cc7543..e9f2892cc 100644 --- a/NtObjectManager/Properties/AssemblyInfo.cs +++ b/NtObjectManager/Properties/AssemblyInfo.cs @@ -9,7 +9,7 @@ [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("Google Inc.")] [assembly: AssemblyProduct("NtObjectManager")] -[assembly: AssemblyCopyright("Copyright © Google Inc. 2016, 2017, 2018, 2019")] +[assembly: AssemblyCopyright("Copyright © Google Inc. 2016-2020")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] @@ -32,5 +32,5 @@ // by using the '*' as shown below: // [assembly: AssemblyVersion("1.0.*")] [assembly: AssemblyVersion("1.0.0.0")] -[assembly: AssemblyFileVersion("1.1.25.0")] -[assembly: AssemblyInformationalVersion("1.1.25")] +[assembly: AssemblyFileVersion("1.1.26.0")] +[assembly: AssemblyInformationalVersion("1.1.26")] diff --git a/README.txt b/README.txt index 5d3f5715c..529d0739f 100644 --- a/README.txt +++ b/README.txt @@ -1,6 +1,6 @@ sandbox-attacksurface-analysis-tools -(c) Google Inc. 2015, 2016, 2017, 2018, 2019 +(c) Google Inc. 2015, 2016, 2017, 2018, 2019, 2020 Developed by James Forshaw This is a small suite of PowerShell tools to test various properties of sandboxes on Windows. Many of the @@ -46,6 +46,26 @@ Thanks to the people who were willing to test it and give feedback: Release Notes: +1.1.26 +-------- +* Add DeviceGuid to Get/New-NtFile +* Fixed bug in ETA registrations and added GUID enumeration. +* Added SetExceptionPort to NtProcess. +* Added child process mitigation improvements. +* Added extended Fork. +* Updated native process creation support. +* Various new non-throwing methods. +* Updated to C# 7.3. +* Added list of access rights to NtType. +* Added default mandatory policy to NtType. +* Added SetDisposition methods to NtFile. +* Added console and GUI support for Object ACEs. +* Updated access checking to support Object Types. +* Access check returns a structure rather than just an access mask. +* CPP style NDR formatting (#21) +* Added Get-NtTokenPrivilege command. +* Added Get-NtLocallyUniqueId command. + 1.1.25 -------- * Added new options to Get-NtSecurityDescriptor.