Friday, March 30, 2012

Code Scratch: Querying the Registry with Powershell (Part I of many to come)

Below is some rough, nearly incomprehensible scratch code for querying registry values and subkeys with gci (Get-ChildItem) and gp (Get-ItemProperty). Querying the registry with PowerShell deserves more narrative than this and will get it in a future post:

HKLM:\system\CurrentControlSet\Services

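# Enumerate every service/driver key under Services once and reuse the result
# (the original walked the same hive twice).
$a = Get-ChildItem -Path HKLM:\system\CurrentControlSet\Services
# -LiteralPath keeps key names that contain wildcard characters from being
# treated as patterns when the properties are read back.
$b = $a | ForEach-Object { Get-ItemProperty -LiteralPath $_.PSPath }
# Export-Csv takes its column list from the FIRST object only, and service keys
# do not all carry the same values, so the columns are named explicitly.
# ImagePath (binary that is launched), ObjectName (account it runs as) and
# Start (start mode) are the values a service audit normally reviews.
$b | Select-Object PSChildName, DisplayName, ImagePath, ObjectName, Start, Type |
    Export-Csv -Path C:\ps1\CCS_gp.csv -NoTypeInformation
# Key count vs. property-bag count; keys without any values yield no bag.
$a.Count
$b.Count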


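# List every key under Services and export path, name, ImagePath and
# DisplayName to CSV.
sl HKLM:\system
$a=gci -path CurrentControlSet\Services
write "There are $($a.count) services or driver entries in HKLM:\system\CurrentControlSet\Services"
sl C:\
# Read the two values straight from each key instead of piping the key's
# formatted text through findstr: that output depends on console formatting,
# and ImagePath/DisplayName values frequently contain commas, which corrupted
# the hand-built comma-joined lines. GetValue returns $null when a key has no
# such value, so the column is simply left empty.
# ImagePath is the binary each service or driver launches, which makes it the
# column to review for unexpected or user-writable locations.
$b = foreach ($i in $a) {
    $i | Select-Object PSPath, Name,
        @{Name='ImagePath';   Expression={ $_.GetValue('ImagePath') }},
        @{Name='DisplayName'; Expression={ $_.GetValue('DisplayName') }}
}
# Export-Csv writes the header row and quotes every field.
$b | Export-Csv -Path c:\ps1\CCS_Service.csv -NoTypeInformation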

HKLM:\software\Microsoft\Windows\CurrentVersion\Internet Settings

sl HKLM:\Software
PS HKLM:\software>
# Collect the Internet Settings zone keys; the path is relative to the
# current location (HKLM:\software).
$a = Get-ChildItem -Path "Microsoft\Windows\CurrentVersion\Internet Settings\Zones\"

PS HKLM:\software> $a.Name
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4

$a | findstr PMDisplayName
            PMDisplayName    : Computer [Protected Mode]
            PMDisplayName    : Local intranet [Protected Mode]
            PMDisplayName    : Trusted sites [Protected Mode]
            PMDisplayName    : Internet [Protected Mode]
            PMDisplayName    : Restricted sites [Protected Mode]

# Exploratory session: walk the Internet Settings zone keys, then poke at
# whatever the follow-up loops return.
sl HKLM:\Software
# $a: the zone keys themselves (relative path, resolved against HKLM:\Software).
$a=foreach ($i in (ls "Microsoft\Windows\CurrentVersion\Internet Settings\Zones\")) {$i}
# $b: the property bag of each zone key. $a.PSpath on a collection relies on
# member enumeration (PowerShell 3.0+).
$b=foreach ($i in ($a.PSpath)) {gp $i}
# NOTE(review): neither loop body below references $i. `gp *` and `ls *` are
# resolved against the current location (HKLM:\Software, set above) and run
# once per element of $b, so $c and $d hold the same result repeated rather
# than anything zone-specific. That likely explains the repeated CLSID matches
# further down the transcript.
$c=foreach ($i in $b) {gp *}
$d=foreach ($i in $b) {ls *}

# Inspect the keys collected in $d: subkey names, provider path, name, handle.
$d.GetSubkeyNames()
$d.PSPath
$d.Name
$d.handle

# $e: subkey names gathered from every key in $d, followed by ad-hoc text
# filters. grep is not a PowerShell cmdlet; presumably an external Unix-style
# tool on this machine.
$e=$d.GetSubkeyNames()
$e | findstr \
$e | grep CLSID
$e | grep -n CLSID
$e | grep -n \


$e.count
160
$e | wc -l
41155
# Flatten $e into $f: append element 0 .. ($e.count - 1) of $e to $f in turn.
# The counts shown around this line (160 before, 41155 after) suggest each
# element of $e is itself a list of names; confirm before relying on it.
$f=$null;foreach ($i in (0..[int64]($e.count -1))) {$f+=$e.getvalue($i)}
$f.count
41155

PS HKLM:\software> $f | sls CLSID

CLSID
ExplorerCLSIDFlags
ImgUtil.CoMapMIMEToCLSID
ImgUtil.CoMapMIMEToCLSID.1
ROXCLSID
CLSID
ExplorerCLSIDFlags
ImgUtil.CoMapMIMEToCLSID
ImgUtil.CoMapMIMEToCLSID.1
ROXCLSID
CLSID
ExplorerCLSIDFlags
ImgUtil.CoMapMIMEToCLSID
ImgUtil.CoMapMIMEToCLSID.1
ROXCLSID
CLSID
ExplorerCLSIDFlags
ImgUtil.CoMapMIMEToCLSID
ImgUtil.CoMapMIMEToCLSID.1
ROXCLSID
CLSID
ExplorerCLSIDFlags
ImgUtil.CoMapMIMEToCLSID
ImgUtil.CoMapMIMEToCLSID.1
ROXCLSID


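# List the Internet Settings zone keys and export path, name, Description and
# PMDisplayName to CSV.
sl HKLM:\software
$a=gci -path "Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
write "There are $($a.count) entries in HKLM:\software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
sl C:\
# Read the two values directly from each key rather than scraping the key's
# formatted text with findstr; GetValue returns $null when the value is absent.
$b = foreach ($i in $a) {
    $i | Select-Object PSPath, Name,
        @{Name='Description';   Expression={ $_.GetValue('Description') }},
        @{Name='PMDisplayName'; Expression={ $_.GetValue('PMDisplayName') }}
}
# The original wrote to c:\ps1\CCS_Service.csv without -append, which
# overwrote the services export produced earlier. IE_Zones.csv is a file name
# constructed for this listing; pick whatever suits your layout.
$b | Export-Csv -Path c:\ps1\IE_Zones.csv -NoTypeInformation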
