Merge pull request #2034 from jhawkesworth/add_binary_to_regedit

Windows: win_regedit; Add support for managing binary registry data to win_regedit
This commit is contained in:
Matt Davis 2016-04-18 10:59:10 -07:00
commit 82da45e520
2 changed files with 95 additions and 2 deletions

View file

@ -28,6 +28,8 @@ New-PSDrive -PSProvider registry -Root HKEY_CURRENT_CONFIG -Name HCCC -ErrorActi
$params = Parse-Args $args; $params = Parse-Args $args;
$result = New-Object PSObject; $result = New-Object PSObject;
Set-Attr $result "changed" $false; Set-Attr $result "changed" $false;
Set-Attr $result "data_changed" $false;
Set-Attr $result "data_type_changed" $false;
$registryKey = Get-Attr -obj $params -name "key" -failifempty $true $registryKey = Get-Attr -obj $params -name "key" -failifempty $true
$registryValue = Get-Attr -obj $params -name "value" -default $null $registryValue = Get-Attr -obj $params -name "value" -default $null
@ -56,11 +58,78 @@ Function Test-RegistryValueData {
} }
} }
# Returns rue if registry data matches.
# Handles binary and string registry data
Function Compare-RegistryData {
Param (
[parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]$ReferenceData,
[parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]$DifferenceData
)
$refType = $ReferenceData.GetType().Name
if ($refType -eq "String" ) {
if ($ReferenceData -eq $DifferenceData) {
return $true
} else {
return $false
}
} elseif ($refType -eq "Object[]") {
if (@(Compare-Object $ReferenceData $DifferenceData -SyncWindow 0).Length -eq 0) {
return $true
} else {
return $false
}
}
}
# Simplified version of Convert-HexStringToByteArray from
# https://cyber-defense.sans.org/blog/2010/02/11/powershell-byte-array-hex-convert
# Expects a hex in the format you get when you run reg.exe export,
# and converts to a byte array so powershell can modify binary registry entries
function Convert-RegExportHexStringToByteArray
{
Param (
[parameter(Mandatory=$true)] [String] $String
)
# remove 'hex:' from the front of the string if present
$String = $String.ToLower() -replace '^hex\:', ''
#remove whitespace and any other non-hex crud.
$String = $String.ToLower() -replace '[^a-f0-9\\,x\-\:]',''
# turn commas into colons
$String = $String -replace ',',':'
#Maybe there's nothing left over to convert...
if ($String.Length -eq 0) { ,@() ; return }
#Split string with or without colon delimiters.
if ($String.Length -eq 1)
{ ,@([System.Convert]::ToByte($String,16)) }
elseif (($String.Length % 2 -eq 0) -and ($String.IndexOf(":") -eq -1))
{ ,@($String -split '([a-f0-9]{2})' | foreach-object { if ($_) {[System.Convert]::ToByte($_,16)}}) }
elseif ($String.IndexOf(":") -ne -1)
{ ,@($String -split ':+' | foreach-object {[System.Convert]::ToByte($_,16)}) }
else
{ ,@() }
}
if($registryDataType -eq "binary" -and $registryData -ne $null) {
$registryData = Convert-RegExportHexStringToByteArray($registryData)
}
if($state -eq "present") { if($state -eq "present") {
if ((Test-Path $registryKey) -and $registryValue -ne $null) if ((Test-Path $registryKey) -and $registryValue -ne $null)
{ {
if (Test-RegistryValueData -Path $registryKey -Value $registryValue) if (Test-RegistryValueData -Path $registryKey -Value $registryValue)
{ {
# handle binary data
$currentRegistryData =(Get-ItemProperty -Path $registryKey | Select-Object -ExpandProperty $registryValue)
if ($registryValue.ToLower() -eq "(default)") { if ($registryValue.ToLower() -eq "(default)") {
# Special case handling for the key's default property. Because .GetValueKind() doesn't work for the (default) key property # Special case handling for the key's default property. Because .GetValueKind() doesn't work for the (default) key property
$oldRegistryDataType = "String" $oldRegistryDataType = "String"
@ -77,6 +146,8 @@ if($state -eq "present") {
Remove-ItemProperty -Path $registryKey -Name $registryValue Remove-ItemProperty -Path $registryKey -Name $registryValue
New-ItemProperty -Path $registryKey -Name $registryValue -Value $registryData -PropertyType $registryDataType New-ItemProperty -Path $registryKey -Name $registryValue -Value $registryData -PropertyType $registryDataType
$result.changed = $true $result.changed = $true
$result.data_changed = $true
$result.data_type_changed = $true
} }
Catch Catch
{ {
@ -84,11 +155,12 @@ if($state -eq "present") {
} }
} }
# Changes Only Data # Changes Only Data
elseif ((Get-ItemProperty -Path $registryKey | Select-Object -ExpandProperty $registryValue) -ne $registryData) elseif (-Not (Compare-RegistryData -ReferenceData $currentRegistryData -DifferenceData $registryData))
{ {
Try { Try {
Set-ItemProperty -Path $registryKey -Name $registryValue -Value $registryData Set-ItemProperty -Path $registryKey -Name $registryValue -Value $registryData
$result.changed = $true $result.changed = $true
$result.data_changed = $true
} }
Catch Catch
{ {

View file

@ -43,7 +43,7 @@ options:
aliases: [] aliases: []
data: data:
description: description:
- Registry Value Data - Registry Value Data. Binary data should be expressed as comma separated hex values. An easy way to generate this is to run C(regedit.exe) and use the I(Export) option to save the registry values to a file. In the exported file binary values will look like C(hex:be,ef,be,ef). The C(hex:) prefix is optional.
required: false required: false
default: null default: null
aliases: [] aliases: []
@ -94,6 +94,15 @@ EXAMPLES = '''
data: 1337 data: 1337
datatype: dword datatype: dword
# Creates Registry Key called MyCompany,
# a value within MyCompany Key called "hello", and
# binary data for the value "hello" as type "binary".
win_regedit:
key: HKCU:\Software\MyCompany
value: hello
data: hex:be,ef,be,ef,be,ef,be,ef,be,ef
datatype: binary
# Delete Registry Key MyCompany # Delete Registry Key MyCompany
# NOTE: Not specifying a value will delete the root key which means # NOTE: Not specifying a value will delete the root key which means
# all values will be deleted # all values will be deleted
@ -107,3 +116,15 @@ EXAMPLES = '''
value: hello value: hello
state: absent state: absent
''' '''
RETURN = '''
data_changed:
description: whether this invocation changed the data in the registry value
returned: success
type: boolean
sample: False
data_type_changed:
description: whether this invocation changed the datatype of the registry value
returned: success
type: boolean
sample: True
'''