<#
.SYNOPSIS
Contains the function Format-RegExport.
.DESCRIPTION
When imported into a PowerShell shell or into a script, allows the use of the Format-RegExport function.
.EXAMPLE
PS> #To import the function enter the following command
PS> . .\Format-RegExport.ps1
#>
# Author: mjmeans 2023-07-11
#
# CHANGE LOG
#
# 2023-07-11: mjmeans
# Created from refactoring out of Export-Registry.ps1
#
# KNOWN ISSUES
#
# - Using Get-Item or Get-ChildItem to get a registry object will have the object name in the same casing as the specified path.
# i.e. Get-Item 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT' and Get-Item 'Registry::HKEY_LOCAL_MACHINE:\SOFTWARE\Microsoft'
# will output different names. Make sure the passed registry object has the correct name casing before passing it to Format-RegExport.
#
# TO DO
#
# - Verify that $InputObject is an actual registry key instead of something else
#
# NOTES
#
# VALUES THAT CAN BE ENTERED USING THE REGEDIT GUI IN WINDOWS 10
# (Windows Registry Editor Version 5.00)
#
# PSValueKind Win32 Type RegFormat
# ------------ ----------------------- ------------------------------------------------------------------------------------------------------------------------------------
# String REG_SZ ="<String value data with escape characters>"
# Binary REG_BINARY =hex:<Binary data (as comma-delimited list of hexadecimal values)>
# DWord REG_DWORD =dword:<DWORD value integer>
# ExpandString REG_EXPAND_SZ =hex(2):<Expandable string value data (as comma-delimited list of hexadecimal values representing a UTF-16LE NUL-terminated string)>
# MultiString REG_MULTI_SZ =hex(7):<Multi-string value data (as comma-delimited list of hexadecimal values representing UTF-16LE NUL-terminated array of strings)>
# QWord REG_QWORD =hex(b):<QWORD value (as comma-delimited list of 8 hexadecimal values, in little endian byte order)>
# REG_DWORD_LITTLE_ENDIAN <Equivalent to REG_DWORD>
# REG_QWORD_LITTLE_ENDIAN <Equivalent to REG_QWORD>
#
# OTHER FORMATS WHICH CANNOT BE ENTERED USING THE REGEDIT GUI AND ARE NOT YET IMPLEMENTED HERE
#
# PSValueKind Win32 Type RegFormat
# ------------ ----------------------- ------------------------------------------------------------------------------------------------------------------------------------
# REG_NONE =hex(0):<REG_NONE (as comma-delimited list of hexadecimal values)>
# REG_SZ =hex(1):<REG_SZ (as comma-delimited list of hexadecimal values representing a UTF-16LE NUL-terminated string)>
# =hex(3):<Binary data (as comma-delimited list of hexadecimal values)> ; equal to "Value B"
# REG_DWORD_LITTLE_ENDIAN =hex(4):<DWORD value (as comma-delimited list of 4 hexadecimal values, in little endian byte order)>
# REG_DWORD_BIG_ENDIAN =hex(5):<DWORD value (as comma-delimited list of 4 hexadecimal values, in big endian byte order)>
# =hex(6):<unknown or undefined>
# =hex(8):<REG_RESOURCE_LIST (as comma-delimited list of hexadecimal values)>
# =hex(9):<unknown or undefined>
# =hex(a):<REG_RESOURCE_REQUIREMENTS_LIST (as comma-delimited list of hexadecimal values)>
# REG_LINK =<unknown>:<A null-terminated Unicode string that contains the target path of a symbolic link that was created by calling the RegCreateKeyEx function with REG_OPTION_CREATE_LINK>
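function Format-RegExport {
    <#
    .Synopsis
    Formats a registry key as a *.reg format compatible multi-line string.
    .Description
    The Format-RegExport function takes registry key objects, as returned by Get-Item or
    Get-ChildItem on the Registry provider, and writes one *.reg section per key: a
    "[<key name>]" header preceded by a blank line, followed by one line per value.
    String, DWord, QWord, Binary, ExpandString and MultiString values are supported;
    any other value kind raises a terminating error.
    .Parameter InputObject
    The registry key object to export (an object, not a path string). Accepts pipeline
    input; every key received from the pipeline is processed.
    .Example
    Get-Item 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion' | Format-RegExport
    .Notes
    Value data is emitted verbatim and, with -Verbose, is also written to the verbose
    stream. Registry keys can hold credentials and other secrets, so treat the output
    and any captured verbose logs as sensitive.
    #>
    [CmdletBinding()]
    Param (
        [Parameter(
            Position=0,
            Mandatory=$true,
            ValueFromPipeline=$true,
            ValueFromPipelineByPropertyName=$true)
        ]
        [object]$InputObject
    )

    begin {
        ## Constants
        $crlf = "`r`n"
        # Long hex lists are broken after a comma with a trailing backslash and an
        # indented continuation line, as in regedit exports.
        $wrapPattern = '((^.{76,78},)|(.{74,76},))'
        $wrapReplacement = "`$1\`r`n "
    }

    # A process block is required so that every key arriving on the pipeline is
    # exported; without it only the last piped key would be handled.
    process {
        # Refuse anything that is not a registry key rather than emitting a
        # malformed section for an arbitrary object.
        if ($InputObject -isnot [Microsoft.Win32.RegistryKey]) {
            throw "Format-RegExport expects a registry key object, but received: $($InputObject.GetType().FullName)"
        }

        $key = $InputObject
        $k = $key.Name
        Write-Verbose "Processing key $k"
        Write-Output "${crlf}[$k]"

        foreach ($prop in $key.Property) {
            Write-Verbose "- Processing property $prop"
            if ($prop -eq '(default)') {
                # The unnamed default value is read with an empty name and written as '@'.
                $valueName = ''
                $p = '@'
            } else {
                $valueName = $prop
                # Value names use the same escaping as string data: a name holding
                # '\' or '"' would otherwise produce a line that cannot be re-imported.
                $p = "`"$($prop -replace '\\','\\' -replace '"','\"')`""
            }
            $v = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
            Write-Verbose "- Value is $v"

            # $null must be on the left: with an array on the left, -ne filters the
            # array, so empty data or a single 0 byte would be treated as "no value".
            if ($null -eq $v) {
                continue
            }

            $t = $key.GetValueKind($valueName)
            Write-Verbose "- Type is $t"

            if ($t -eq 'String') {
                $pv = "$p=`"$($v -replace '\\','\\' -replace '"','\"')`""
            } elseif ($t -eq 'DWord') {
                $pv = "$p=dword:$("{0:x8}" -f $v)"
            } elseif ($t -eq 'QWord') {
                # Format as 16 hex digits, split into bytes, then reverse to little endian.
                $a = [byte[]] -split (("{0:x16}" -f $v) -replace '..', '0x$& ')
                [array]::Reverse($a)
                $pv = "$p=hex(b):" + (($a | ForEach-Object ToString x2) -join ',')
            } elseif ($t -eq 'Binary') {
                $pv = "$p=hex:" + (($v | ForEach-Object ToString x2) -join ',')
                $pv = $pv -replace $wrapPattern, $wrapReplacement
            } elseif ($t -eq 'ExpandString') {
                # UTF-16LE bytes plus the terminating NUL character.
                $a = [System.Text.Encoding]::Unicode.GetBytes($v)
                $pv = "$p=hex(2):" + (($a | ForEach-Object ToString x2) -join ',') + ',00,00'
                $pv = $pv -replace $wrapPattern, $wrapReplacement
            } elseif ($t -eq 'MultiString') {
                # Strings are NUL-separated; the list ends with two NUL characters.
                $q = [System.String]::Join("`0", $v)
                $a = [System.Text.Encoding]::Unicode.GetBytes($q)
                $pv = "$p=hex(7):" + (($a | ForEach-Object ToString x2) -join ',') + ',00,00,00,00'
                $pv = $pv -replace $wrapPattern, $wrapReplacement
            } else {
                # Terminating error; nothing may follow it ('exit' here would also
                # have closed the caller's session had it ever been reached).
                throw "unexpected registry value type: `r`n Key: $k`r`n Property: $p`r`n Type: $t`r`n Value: $v"
            }
            Write-Output $pv
        }
    }
}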