How to do it...
Install and start PowerShell Core on Windows and execute the following steps:
- Execute the following code to list items in the local machine registry hive:
# Like the filesystem, the local registry hives can be browsed.
# ACLs apply, so AccessDenied errors aren't uncommon
Get-ChildItem HKLM:\SOFTWARE
- Without additional filters, you don't have much control over Get-ChildItem, which returns only registry keys and merely displays their values. Trying to enumerate the values of a key this way fails:
# Get-ChildItem returns child keys (and shows their values);
# the values stored directly in the Run key are not returned
Get-ChildItem -Recurse -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- To enumerate registry values, the Get-ItemProperty cmdlet is used. Try the following code sample:
# To retrieve only properties, Get-ItemProperty is used instead
# Without a name, Get-ItemProperty returns all values in a given path
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
# If only the property value is needed, use Get-ItemPropertyValue
Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
# While this is used predominantly for Registry access, it can be used for the file
# system as well. However, this approach is very cumbersome
Get-ItemProperty -Path $(Get-Command -Name pwsh).Source -Name LastWriteTime
- Creating new items works similarly to the filesystem. Notice that registry keys are created, not values:
# In order to create new keys, you can use New-Item
New-Item -Path HKCU:\Software -Name MyProduct
- In order to work with values, the ItemProperty cmdlets are used. Try the next code sample to see how new values are created and existing values are changed:
<#
To create new values, use New-ItemProperty. Values for PropertyType include:
String (REG_SZ): Standard string
ExpandString (REG_EXPAND_SZ): String with automatic environment variable expansion
Binary (REG_BINARY): Binary data
DWord (REG_DWORD): 32-bit binary number
MultiString (REG_MULTI_SZ): String array
QWord (REG_QWORD): 64-bit binary number
#>
New-ItemProperty -Path HKCU:\Software\MyProduct -Name Version -Value '0.9.9-rc1' -PropertyType String
New-ItemProperty -Path HKCU:\Software\MyProduct -Name SourceCode -Value $([Text.Encoding]::Unicode.GetBytes('Write-Host "Cool, isnt it?"')) -PropertyType Binary
# Test it ;)
[scriptblock]::Create($([Text.Encoding]::Unicode.GetString($(Get-ItemPropertyValue -Path HKCU:\Software\MyProduct -Name SourceCode)))).Invoke()
# Change an item
Set-ItemProperty -Path HKCU:\Software\MyProduct -Name SourceCode -Value $([Text.Encoding]::Unicode.GetBytes('Stop-Computer -WhatIf'))
[Text.Encoding]::Unicode.GetString($(Get-ItemPropertyValue -Path HKCU:\Software\MyProduct -Name SourceCode))
- Removing items is straightforward. Try the next code sample to remove your key again:
# The default removal cmdlet works just as well
Remove-Item -Path HKCU:\Software\MyProduct -Verbose
- Note that the registry provider is unable to map remote registries; you need to use .NET to be able to do that.
# The provider's capabilities do not include credentials
Get-PSProvider -PSProvider Registry
# Mapping local hives is fine
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT
Get-ChildItem -Path HKCR:
Remove-PSDrive -Name HKCR
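The last step states that .NET is needed to reach a remote registry. The following is an added example, not code from the book: a read-only inventory of the Run key used in step 2, read from another computer through Microsoft.Win32.RegistryKey. The function name Get-RemoteRunKeyValue is hypothetical, and the code assumes the Remote Registry service is running on the target and that the current account may read the key.

```powershell
# Added example (not from the book): read-only listing of a remote Run key via .NET.
# Assumptions: Remote Registry service is running on the target; the caller has
# read access. Get-RemoteRunKeyValue is a hypothetical name.
function Get-RemoteRunKeyValue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $ComputerName,

        [string] $SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )

    $hive = $null
    $key  = $null
    try {
        # OpenRemoteBaseKey connects as the current user; it accepts no credential
        $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $key = $hive.OpenSubKey($SubKey)   # read-only handle by default
        if ($null -eq $key) {
            Write-Warning "Key '$SubKey' not found on $ComputerName"
            return
        }
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                ComputerName = $ComputerName
                Name         = $name
                Kind         = $key.GetValueKind($name)
                # Keep %VAR% literal instead of expanding it with the local environment
                Value        = $key.GetValue($name, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            }
        }
    }
    catch [System.Security.SecurityException], [System.UnauthorizedAccessException] {
        Write-Warning "Access denied on ${ComputerName}: $($_.Exception.Message)"
    }
    catch [System.IO.IOException] {
        Write-Warning "Cannot reach the registry on ${ComputerName}: $($_.Exception.Message)"
    }
    finally {
        # Release the remote handles even when an error occurred
        if ($key)  { $key.Dispose() }
        if ($hive) { $hive.Dispose() }
    }
}

# Constructed usage: the local computer name stands in for a remote host
Get-RemoteRunKeyValue -ComputerName $env:COMPUTERNAME
```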