Added access check result to Show-NtSecurityDescriptor.

tyranid · tyranid · commit 0e6405477100 · 2020-02-08T22:00:58.000-08:00
diff --git a/NtObjectManager/NtObjectManager.psm1 b/NtObjectManager/NtObjectManager.psm1
@@ -1665,6 +1665,8 @@ function Show-NtSecurityDescriptor {
     [NtApiDotNet.NtObject]$Object,
     [Parameter(ParameterSetName = "FromObject")]
     [switch]$ReadOnly,
+    [Parameter(Position = 0, ParameterSetName = "FromAccessCheck", Mandatory = $true)]
+    [NtObjectManager.AccessCheckResult]$AccessCheckResult,
     [Parameter(Position = 0, ParameterSetName = "FromSecurityDescriptor", Mandatory = $true)]
     [NtApiDotNet.SecurityDescriptor]$SecurityDescriptor,
     [Parameter(Position = 1, ParameterSetName = "FromSecurityDescriptor")]
@@ -1710,6 +1712,14 @@ function Show-NtSecurityDescriptor {
         }
         Start-Process -FilePath "$PSScriptRoot\ViewSecurityDescriptor.exe" -ArgumentList @("`"$Name`"", "`"$($SecurityDescriptor.ToSddl())`"","`"$($Type.Name)`"") -Wait:$Wait
     }
+    "FromAccessCheck" {
+        if ($AccessCheckResult.SecurityDescriptor -eq "") {
+            return
+        }
+
+        Show-NtSecurityDescriptor -SecurityDescriptor $AccessCheckResult.SecurityDescriptor `
+                -Type $AccessCheckResult.TypeName -Name $AccessCheckResult.Name
+    }
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1665,6 +1665,8 @@ function Show-NtSecurityDescriptor {`
`1665`	`1665`	`[NtApiDotNet.NtObject]$Object,`
`1666`	`1666`	`[Parameter(ParameterSetName = "FromObject")]`
`1667`	`1667`	`[switch]$ReadOnly,`
	`1668`	`+ [Parameter(Position = 0, ParameterSetName = "FromAccessCheck", Mandatory = $true)]`
	`1669`	`+ [NtObjectManager.AccessCheckResult]$AccessCheckResult,`
`1668`	`1670`	`[Parameter(Position = 0, ParameterSetName = "FromSecurityDescriptor", Mandatory = $true)]`
`1669`	`1671`	`[NtApiDotNet.SecurityDescriptor]$SecurityDescriptor,`
`1670`	`1672`	`[Parameter(Position = 1, ParameterSetName = "FromSecurityDescriptor")]`
`@@ -1710,6 +1712,14 @@ function Show-NtSecurityDescriptor {`
`1710`	`1712`	`}`
`1711`	`1713`	Start-Process -FilePath "$PSScriptRoot\ViewSecurityDescriptor.exe" -ArgumentList @("`"$Name`"", "`"$($SecurityDescriptor.ToSddl())`"","`"$($Type.Name)`"") -Wait:$Wait
`1712`	`1714`	`}`
	`1715`	`+ "FromAccessCheck" {`
	`1716`	`+ if ($AccessCheckResult.SecurityDescriptor -eq "") {`
	`1717`	`+ return`
	`1718`	`+ }`
	`1719`	`+`
	`1720`	+ Show-NtSecurityDescriptor -SecurityDescriptor $AccessCheckResult.SecurityDescriptor `
	`1721`	`+ -Type $AccessCheckResult.TypeName -Name $AccessCheckResult.Name`
	`1722`	`+ }`
`1713`	`1723`	`}`
`1714`	`1724`	`}`
`1715`	`1725`