PowerShell module NtObjectManager

The NtObjectManager module makes it possible, among other things, to inspect kernel objects.

NtObjectManager Provider and its Drives

The kernel objects are exposed through a special provider (NtObjectManager). This provider exposes four drives:
PS C:\> (get-psProvider NtObjectManager).drives | select name, root

Name            Root
----            ----
NtObject        nt:
NtObjectSession nt:Sessions\1\BaseNamedObjects
NtKey           ntkey:
NtKeyUser       ntkey:User\S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-1001

The NtObject drive makes it possible to list the kernel objects:
PS C:\> ls NtObject:\
…

PS C:\> ls NtObject:\KernelObjects
