adding the ability to manage binary registry data
This commit is contained in:
=
parent
204b4bab56
commit
8192ad24d5
2 changed files with 49 additions and 1 deletions
|
|
@ -56,6 +56,45 @@ Function Test-RegistryValueData {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
# Simplified version of Convert-HexStringToByteArray from
|
||||
# https://cyber-defense.sans.org/blog/2010/02/11/powershell-byte-array-hex-convert
|
||||
# Expects a hex in the format you get when you run reg.exe export,
|
||||
# and converts to a byte array so powershell can modify binary registry entries
|
||||
function Convert-RegExportHexStringToByteArray
|
||||
{
|
||||
Param (
|
||||
[parameter(Mandatory=$true))] [String] $String
|
||||
)
|
||||
|
||||
# remove 'hex:' from the front of the string if present
|
||||
$String = $String.ToLower() -replace '^hex\:', ''
|
||||
|
||||
#remove whitespace and any other non-hex crud.
|
||||
$String = $String.ToLower() -replace '[^a-f0-9\\,x\-\:]',''
|
||||
|
||||
# turn commas into colons
|
||||
$String = $String -replace ',',':'
|
||||
|
||||
#Maybe there's nothing left over to convert...
|
||||
if ($String.Length -eq 0) { ,@() ; return }
|
||||
|
||||
#Split string with or without colon delimiters.
|
||||
if ($String.Length -eq 1)
|
||||
{ ,@([System.Convert]::ToByte($String,16)) }
|
||||
elseif (($String.Length % 2 -eq 0) -and ($String.IndexOf(":") -eq -1))
|
||||
{ ,@($String -split '([a-f0-9]{2})' | foreach-object { if ($_) {[System.Convert]::ToByte($_,16)}}) }
|
||||
elseif ($String.IndexOf(":") -ne -1)
|
||||
{ ,@($String -split ':+' | foreach-object {[System.Convert]::ToByte($_,16)}) }
|
||||
else
|
||||
{ ,@() }
|
||||
|
||||
}
|
||||
|
||||
if($registryDataType -eq "binary" -and $registryData -ne $null) {
|
||||
$registryData = Convert-RegExportHexStringToByteArray($registryData)
|
||||
}
|
||||
|
||||
if($state -eq "present") {
|
||||
if ((Test-Path $registryKey) -and $registryValue -ne $null)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ options:
|
|||
aliases: []
|
||||
data:
|
||||
description:
|
||||
- Registry Value Data
|
||||
- Registry Value Data. Binary data should be expressed as comma separated hex values. An easy way to generate this is to run regedit.exe and use the 'Export' option to save the registry values to a file. In the file binary values will look something like this: hex:be,ef,be,ef. The 'hex:' prefix is optional.
|
||||
required: false
|
||||
default: null
|
||||
aliases: []
|
||||
|
|
@ -94,6 +94,15 @@ EXAMPLES = '''
|
|||
data: 1337
|
||||
datatype: dword
|
||||
|
||||
# Creates Registry Key called MyCompany,
|
||||
# a value within MyCompany Key called "hello", and
|
||||
# binary data for the value "hello" as type "binary".
|
||||
win_regedit:
|
||||
key: HKCU:\Software\MyCompany
|
||||
value: hello
|
||||
data: hex:be,ef,be,ef,be,ef,be,ef,be,ef
|
||||
datatype: binary
|
||||
|
||||
# Delete Registry Key MyCompany
|
||||
# NOTE: Not specifying a value will delete the root key which means
|
||||
# all values will be deleted
|
||||
|
|
|
|||
Loading…
Reference in a new issue