-
Notifications
You must be signed in to change notification settings - Fork 146
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #24 from PowerShellMafia/dev
0.6.0 release changes
- Loading branch information
Showing
16 changed files
with
996 additions
and
1,023 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,117 @@ | ||
| function Get-CSInstalledAppCompatShimDatabase { | ||
| <# | ||
| .SYNOPSIS | ||
| List installed application compatibility databases. | ||
| Author: Matthew Graeber (@mattifestation) | ||
| License: BSD 3-Clause | ||
| .DESCRIPTION | ||
| Get-InstalledAppCompatShimDatabase lists details about all installed application compatibility databases (SDB). While WMI is unable to parse installed SDBs, Get-InstalledAppCompatShimDatabase is useful for sweeping a large amount of systems for the purposes of identifying anomolous, installed databases. | ||
| .PARAMETER CimSession | ||
| Specifies the CIM session to use for this cmdlet. Enter a variable that contains the CIM session or a command that creates or gets the CIM session, such as the New-CimSession or Get-CimSession cmdlets. For more information, see about_CimSessions. | ||
| .EXAMPLE | ||
| Get-CSRegistryAutoStart | ||
| Lists all installed app compat databases. | ||
| .OUTPUTS | ||
| CimSweep.AppCompatDB | ||
| Outputs objects representing the relevant information regarding installed application compatibility databases. Note: the InstallDateTime property is a UTC datetime. | ||
| #> | ||
|
|
||
| [CmdletBinding()] | ||
| [OutputType('CimSweep.AppCompatDB')] | ||
| param( | ||
| [Alias('Session')] | ||
| [ValidateNotNullOrEmpty()] | ||
| [Microsoft.Management.Infrastructure.CimSession[]] | ||
| $CimSession | ||
| ) | ||
|
|
||
| BEGIN { | ||
| # If a CIM session is not provided, trick the function into thinking there is one. | ||
| if (-not $PSBoundParameters['CimSession']) { | ||
| $CimSession = '' | ||
| $CIMSessionCount = 1 | ||
| } else { | ||
| $CIMSessionCount = $CimSession.Count | ||
| } | ||
|
|
||
| $CurrentCIMSession = 0 | ||
| } | ||
|
|
||
| PROCESS { | ||
| foreach ($Session in $CimSession) { | ||
| $ComputerName = $Session.ComputerName | ||
| if (-not $Session.ComputerName) { $ComputerName = 'localhost' } | ||
|
|
||
| # Display a progress activity for each CIM session | ||
| Write-Progress -Id 1 -Activity 'CimSweep - Installed App Compat database sweep' -Status "($($CurrentCIMSession+1)/$($CIMSessionCount)) Current computer: $ComputerName" -PercentComplete (($CurrentCIMSession / $CIMSessionCount) * 100) | ||
| $CurrentCIMSession++ | ||
|
|
||
| $CommonArgs = @{} | ||
|
|
||
| if ($Session.Id) { $CommonArgs['CimSession'] = $Session } | ||
|
|
||
| # Collect all of the GUIDs for which each shimmed executable is associated. | ||
| $ShimmedExecutablesTable = Get-CSRegistryKey -Hive HKLM -SubKey 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom' @CommonArgs | | ||
| Get-CSRegistryValue -ValueNameOnly | Group-Object -Property ValueName -AsHashTable | ||
|
|
||
| $InstalledSdb = Get-CSRegistryKey -Hive HKLM -SubKey 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSdb' @CommonArgs | ||
| $CurrentSdb = 0 | ||
|
|
||
| foreach ($Database in $InstalledSdb) { | ||
| $GUID = $Database.SubKey.Split('\')[-1] | ||
|
|
||
| Write-Progress -Id 2 -ParentId 1 -Activity "Current database:" -Status "($($CurrentSdb+1)/$($InstalledSdb.Count)) $GUID" -PercentComplete (($CurrentSdb / $InstalledSdb.Count) * 100) | ||
| $CurrentSdb++ | ||
|
|
||
| $DatabaseDetails = $Database | Get-CSRegistryValue | Group-Object -Property ValueName -AsHashTable | ||
|
|
||
| $DatabasePath = $DatabaseDetails['DatabasePath'].ValueContent | ||
| $DatabasePathDir = Split-Path -Path $DatabasePath -Parent | ||
| $DatabasePathFileName = Split-Path -Path $DatabasePath -Leaf | ||
| $DatabaseFileInfo = Get-CSDirectoryListing -DirectoryPath $DatabasePathDir -FileName $DatabasePathFileName @CommonArgs | ||
|
|
||
| $ShimmedExecutables = $ShimmedExecutablesTable["$GUID.sdb"] | ForEach-Object { $_.Subkey.Split('\')[-1] } | ||
|
|
||
| $IsPresentInAddRemovePrograms = $False | ||
|
|
||
| $Result = Get-CSRegistryValue -Hive HKLM -SubKey "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$GUID.sdb" -ValueNameOnly @CommonArgs | ||
|
|
||
| if ($Result) { | ||
| $IsPresentInAddRemovePrograms = $True | ||
| } | ||
|
|
||
| $ObjectProperties = [Ordered] @{ | ||
| PSTypeName = 'CimSweep.AppCompatDB' | ||
| DatabaseGUID = $GUID | ||
| DatabaseName = $DatabaseDetails['DatabaseDescription'].ValueContent | ||
| DatabasePath = $DatabasePath | ||
| DatabaseType = $DatabaseDetails['DatabaseType'].ValueContent | ||
| InstallDateTime = [DateTime]::FromFileTimeUtc($DatabaseDetails['DatabaseInstallTimeStamp'].ValueContent) | ||
| ShimmedExecutables = $ShimmedExecutables | ||
| IsPresentInAddRemovePrograms = $IsPresentInAddRemovePrograms | ||
| FileInfo = $DatabaseFileInfo | ||
| } | ||
|
|
||
| if ($Database.PSComputerName) { | ||
| $ObjectProperties['PSComputerName'] = $_.PSComputerName | ||
| } | ||
|
|
||
| [PSCustomObject] $ObjectProperties | ||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
| Export-ModuleMember -Function Get-CSInstalledAppCompatShimDatabase |
Oops, something went wrong.