Merge pull request #2034 from jhawkesworth/add_binary_to_regedit
Windows: win_regedit; Add support for managing binary registry data to win_regedit
This commit is contained in:
commit
82da45e520
2 changed files with 95 additions and 2 deletions
|
@ -28,6 +28,8 @@ New-PSDrive -PSProvider registry -Root HKEY_CURRENT_CONFIG -Name HCCC -ErrorActi
|
||||||
$params = Parse-Args $args;
|
$params = Parse-Args $args;
|
||||||
$result = New-Object PSObject;
|
$result = New-Object PSObject;
|
||||||
Set-Attr $result "changed" $false;
|
Set-Attr $result "changed" $false;
|
||||||
|
Set-Attr $result "data_changed" $false;
|
||||||
|
Set-Attr $result "data_type_changed" $false;
|
||||||
|
|
||||||
$registryKey = Get-Attr -obj $params -name "key" -failifempty $true
|
$registryKey = Get-Attr -obj $params -name "key" -failifempty $true
|
||||||
$registryValue = Get-Attr -obj $params -name "value" -default $null
|
$registryValue = Get-Attr -obj $params -name "value" -default $null
|
||||||
|
@ -56,11 +58,78 @@ Function Test-RegistryValueData {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Returns rue if registry data matches.
|
||||||
|
# Handles binary and string registry data
|
||||||
|
Function Compare-RegistryData {
|
||||||
|
Param (
|
||||||
|
[parameter(Mandatory=$true)]
|
||||||
|
[ValidateNotNullOrEmpty()]$ReferenceData,
|
||||||
|
[parameter(Mandatory=$true)]
|
||||||
|
[ValidateNotNullOrEmpty()]$DifferenceData
|
||||||
|
)
|
||||||
|
$refType = $ReferenceData.GetType().Name
|
||||||
|
|
||||||
|
if ($refType -eq "String" ) {
|
||||||
|
if ($ReferenceData -eq $DifferenceData) {
|
||||||
|
return $true
|
||||||
|
} else {
|
||||||
|
return $false
|
||||||
|
}
|
||||||
|
} elseif ($refType -eq "Object[]") {
|
||||||
|
if (@(Compare-Object $ReferenceData $DifferenceData -SyncWindow 0).Length -eq 0) {
|
||||||
|
return $true
|
||||||
|
} else {
|
||||||
|
return $false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Simplified version of Convert-HexStringToByteArray from
|
||||||
|
# https://cyber-defense.sans.org/blog/2010/02/11/powershell-byte-array-hex-convert
|
||||||
|
# Expects a hex in the format you get when you run reg.exe export,
|
||||||
|
# and converts to a byte array so powershell can modify binary registry entries
|
||||||
|
function Convert-RegExportHexStringToByteArray
|
||||||
|
{
|
||||||
|
Param (
|
||||||
|
[parameter(Mandatory=$true)] [String] $String
|
||||||
|
)
|
||||||
|
|
||||||
|
# remove 'hex:' from the front of the string if present
|
||||||
|
$String = $String.ToLower() -replace '^hex\:', ''
|
||||||
|
|
||||||
|
#remove whitespace and any other non-hex crud.
|
||||||
|
$String = $String.ToLower() -replace '[^a-f0-9\\,x\-\:]',''
|
||||||
|
|
||||||
|
# turn commas into colons
|
||||||
|
$String = $String -replace ',',':'
|
||||||
|
|
||||||
|
#Maybe there's nothing left over to convert...
|
||||||
|
if ($String.Length -eq 0) { ,@() ; return }
|
||||||
|
|
||||||
|
#Split string with or without colon delimiters.
|
||||||
|
if ($String.Length -eq 1)
|
||||||
|
{ ,@([System.Convert]::ToByte($String,16)) }
|
||||||
|
elseif (($String.Length % 2 -eq 0) -and ($String.IndexOf(":") -eq -1))
|
||||||
|
{ ,@($String -split '([a-f0-9]{2})' | foreach-object { if ($_) {[System.Convert]::ToByte($_,16)}}) }
|
||||||
|
elseif ($String.IndexOf(":") -ne -1)
|
||||||
|
{ ,@($String -split ':+' | foreach-object {[System.Convert]::ToByte($_,16)}) }
|
||||||
|
else
|
||||||
|
{ ,@() }
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if($registryDataType -eq "binary" -and $registryData -ne $null) {
|
||||||
|
$registryData = Convert-RegExportHexStringToByteArray($registryData)
|
||||||
|
}
|
||||||
|
|
||||||
if($state -eq "present") {
|
if($state -eq "present") {
|
||||||
if ((Test-Path $registryKey) -and $registryValue -ne $null)
|
if ((Test-Path $registryKey) -and $registryValue -ne $null)
|
||||||
{
|
{
|
||||||
if (Test-RegistryValueData -Path $registryKey -Value $registryValue)
|
if (Test-RegistryValueData -Path $registryKey -Value $registryValue)
|
||||||
{
|
{
|
||||||
|
# handle binary data
|
||||||
|
$currentRegistryData =(Get-ItemProperty -Path $registryKey | Select-Object -ExpandProperty $registryValue)
|
||||||
|
|
||||||
if ($registryValue.ToLower() -eq "(default)") {
|
if ($registryValue.ToLower() -eq "(default)") {
|
||||||
# Special case handling for the key's default property. Because .GetValueKind() doesn't work for the (default) key property
|
# Special case handling for the key's default property. Because .GetValueKind() doesn't work for the (default) key property
|
||||||
$oldRegistryDataType = "String"
|
$oldRegistryDataType = "String"
|
||||||
|
@ -77,6 +146,8 @@ if($state -eq "present") {
|
||||||
Remove-ItemProperty -Path $registryKey -Name $registryValue
|
Remove-ItemProperty -Path $registryKey -Name $registryValue
|
||||||
New-ItemProperty -Path $registryKey -Name $registryValue -Value $registryData -PropertyType $registryDataType
|
New-ItemProperty -Path $registryKey -Name $registryValue -Value $registryData -PropertyType $registryDataType
|
||||||
$result.changed = $true
|
$result.changed = $true
|
||||||
|
$result.data_changed = $true
|
||||||
|
$result.data_type_changed = $true
|
||||||
}
|
}
|
||||||
Catch
|
Catch
|
||||||
{
|
{
|
||||||
|
@ -84,11 +155,12 @@ if($state -eq "present") {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# Changes Only Data
|
# Changes Only Data
|
||||||
elseif ((Get-ItemProperty -Path $registryKey | Select-Object -ExpandProperty $registryValue) -ne $registryData)
|
elseif (-Not (Compare-RegistryData -ReferenceData $currentRegistryData -DifferenceData $registryData))
|
||||||
{
|
{
|
||||||
Try {
|
Try {
|
||||||
Set-ItemProperty -Path $registryKey -Name $registryValue -Value $registryData
|
Set-ItemProperty -Path $registryKey -Name $registryValue -Value $registryData
|
||||||
$result.changed = $true
|
$result.changed = $true
|
||||||
|
$result.data_changed = $true
|
||||||
}
|
}
|
||||||
Catch
|
Catch
|
||||||
{
|
{
|
||||||
|
|
|
@ -43,7 +43,7 @@ options:
|
||||||
aliases: []
|
aliases: []
|
||||||
data:
|
data:
|
||||||
description:
|
description:
|
||||||
- Registry Value Data
|
- Registry Value Data. Binary data should be expressed as comma separated hex values. An easy way to generate this is to run C(regedit.exe) and use the I(Export) option to save the registry values to a file. In the exported file binary values will look like C(hex:be,ef,be,ef). The C(hex:) prefix is optional.
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
aliases: []
|
aliases: []
|
||||||
|
@ -94,6 +94,15 @@ EXAMPLES = '''
|
||||||
data: 1337
|
data: 1337
|
||||||
datatype: dword
|
datatype: dword
|
||||||
|
|
||||||
|
# Creates Registry Key called MyCompany,
|
||||||
|
# a value within MyCompany Key called "hello", and
|
||||||
|
# binary data for the value "hello" as type "binary".
|
||||||
|
win_regedit:
|
||||||
|
key: HKCU:\Software\MyCompany
|
||||||
|
value: hello
|
||||||
|
data: hex:be,ef,be,ef,be,ef,be,ef,be,ef
|
||||||
|
datatype: binary
|
||||||
|
|
||||||
# Delete Registry Key MyCompany
|
# Delete Registry Key MyCompany
|
||||||
# NOTE: Not specifying a value will delete the root key which means
|
# NOTE: Not specifying a value will delete the root key which means
|
||||||
# all values will be deleted
|
# all values will be deleted
|
||||||
|
@ -107,3 +116,15 @@ EXAMPLES = '''
|
||||||
value: hello
|
value: hello
|
||||||
state: absent
|
state: absent
|
||||||
'''
|
'''
|
||||||
|
RETURN = '''
|
||||||
|
data_changed:
|
||||||
|
description: whether this invocation changed the data in the registry value
|
||||||
|
returned: success
|
||||||
|
type: boolean
|
||||||
|
sample: False
|
||||||
|
data_type_changed:
|
||||||
|
description: whether this invocation changed the datatype of the registry value
|
||||||
|
returned: success
|
||||||
|
type: boolean
|
||||||
|
sample: True
|
||||||
|
'''
|
||||||
|
|
Loading…
Reference in a new issue