PowerShell, Making Sense of Binary
I recently dealt with a work problem that had something to do with the Outlook user profile. I never ended up figuring that one out; however, the exercise piqued my curiosity to learn all that I could about binary. I ended up parsing the Outlook AutoComplete file just for fun, but mainly to learn.
A lot of information stored in the Windows registry is stored in a non-human-readable binary format. Sometimes those values are just regular strings encoded in binary. I applied what I learned about binary to convert binary registry values to strings if the characters are printable. It is a nice tool to have when rooting around the registry to solve problems or figure out how things work.
Here is the function:
function Query-RegKey
{
    <#
    .SYNOPSIS
    Function to query a reg key and convert binary to printable chars.
    .DESCRIPTION
    Function to query a reg key and convert binary to printable chars. -Recurse is also supported as a switch.
    #>
    param (
        [Parameter(Mandatory=$true)]
        [string]$RegKeyStr = $null,
        [Parameter(Mandatory=$false)]
        [switch]$Recurse
    )
    # Setup the Object
    $Obj = [PSCustomObject]@{
        Key = $RegKeyStr
        KeyList = New-Object "System.Collections.Generic.List[string]"
        ValueList = New-Object "System.Collections.Generic.List[psobject]"
        Exception = $null
    }
    try {
        # Query the Reg Key
        $RegKey = Get-Item -Path "Registry::$($RegKeyStr)" -ErrorAction Stop
        # Loop through all of the Values
        foreach ($i in $RegKey.GetValueNames()) {
            Write-Host $RegKeyStr -ForegroundColor Yellow
            # The unnamed default value is returned as an empty name
            if ($i -eq "") {
                $Value = Get-ItemPropertyValue -Path "Registry::$($RegKeyStr)" -Name "(Default)"
            } else {
                $Value = Get-ItemPropertyValue -Path "Registry::$($RegKeyStr)" -Name $i
            }
            $ValueObj = [PSCustomObject]@{
                Key = $RegKeyStr
                ValueName = $i
                Value = $Value
                ValueStr = ""
            }
            # Get the printable chars if it is a Byte array
            # (-is is null-safe, so an empty value does not abort the whole key)
            if ($Value -is [byte[]]) {
                # Create a StringBuilder to hold the string
                $Sb = New-Object System.Text.StringBuilder
                # Loop through the byte array
                foreach ($b in $Value) {
                    # If it is printable (0x20 through 0xFE), add the char to the string
                    if ($b -ge 0x20 -and $b -le 0xFE) {
                        [void]$Sb.Append([char]$b)
                    }
                }
                # Add the final string to the object
                $ValueObj.ValueStr = $Sb.ToString()
            }
            # Add the Value Object to the ValueList of the Key Object
            $Obj.ValueList.Add($ValueObj)
        }
        # Loop through all of the Keys
        foreach ($i in $RegKey.GetSubKeyNames()) {
            # Add the Key to the KeyList
            $Obj.KeyList.Add($i)
        }
        # If -Recurse, call this function with each KeyName
        # (each subkey's object is written to the output before this key's object)
        if ($Recurse -eq $true) {
            foreach ($k in $Obj.KeyList) {
                Query-RegKey -RegKeyStr "$($RegKeyStr)\$($k)" -Recurse
            }
        }
    } catch {
        # Keep the error on the object instead of stopping the walk
        $Obj.Exception = $_
    }
    # Return the Object
    Return $Obj
}
Here is an example of how to use it:
Query-RegKey -RegKeyStr "HKCU\Software\Microsoft\Office\16.0\Outlook" -Recurse
Here is an example of what the data might look like:
Feedback is welcomed and follow Dustin Higgins on Twitter and Instagram
DHB
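Added example (not code from the original post): the function above joins every printable byte of a value into one string, so separate strings inside a blob run together. This sketch keeps each run separate, records its byte offset, and recognises both ASCII and UTF-16LE text; the name Get-PrintableRun, the -MinLength parameter and the sample bytes are assumptions made for illustration.

```powershell
# Added example, not from the original post. Get-PrintableRun is a hypothetical name.
function Get-PrintableRun {
    param (
        [Parameter(Mandatory=$true)]
        [byte[]]$Bytes,
        # Shortest run (in characters) worth reporting
        [int]$MinLength = 4
    )
    # ISO-8859-1 (code page 28591) maps each byte to the char with the same
    # code point, so regex match offsets are byte offsets.
    $Text = [System.Text.Encoding]::GetEncoding(28591).GetString($Bytes)
    $Patterns = [ordered]@{
        'ASCII'    = "[\x20-\x7E]{$($MinLength),}"
        'UTF-16LE' = "(?:[\x20-\x7E]\x00){$($MinLength),}"
    }
    foreach ($Name in $Patterns.Keys) {
        foreach ($m in [regex]::Matches($Text, $Patterns[$Name])) {
            [PSCustomObject]@{
                Offset   = $m.Index
                Encoding = $Name
                # Drop the NUL high bytes of UTF-16LE runs
                Text     = $m.Value -replace '\x00', ''
            }
        }
    }
}

# Constructed sample: binary header, ASCII string, two NUL bytes, UTF-16LE string.
# With only one NUL between them, the final 'e' of 'Profile' plus that NUL
# would itself look like a UTF-16LE character and join the next run.
[byte[]]$Sample = [byte[]](0x01, 0x00, 0x00, 0x00) +
    [System.Text.Encoding]::ASCII.GetBytes('Profile') +
    [byte[]](0x00, 0x00) +
    [System.Text.Encoding]::Unicode.GetBytes('Outlook')

Get-PrintableRun -Bytes $Sample | Format-Table -AutoSize
```

The Value property of an entry in ValueList can be passed to -Bytes whenever it is a byte array.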