Registry key issue

This topic contains 4 replies, has 4 voices, and was last updated by  Dave Wyatt 4 years, 3 months ago.

  • Author
    Posts
  • #9669

    spi65210
    Participant

    Ok, so I am attempting to get a programs version number by accessing the registry key that holds it.

    Here is my code:

    Function StartRemRegSvc {

    (get-wmiobject -computer $strcomputer win32_service -filter "name='RemoteRegistry'").invokemethod("StartService",$null)

    }
    Function GetAppVer {

    get-regvalue -computername $strcomputer -key "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16F60D62-07F4-4077-8BE2-2180ABC32349}"

    }

    $computerlist = "h:\myscripts\test.txt"

    $arrComputers = get-Content -Path $computerlist

    foreach ($strComputer in $arrComputers){

    StartRemRegSvc

    GetAppVer >> h:\myscripts\AppVer.txt

    }

    The problem i have is that powershell tells me that key is not there. I know it is and i have gone over it a million times. If i change to a generic key in the "Uninstall" folder like "WIC" the code works like a charm. Does it have something to do with the braces? What am i missing here?

  • #9672

    Rob Simmers
    Participant

    First, I assume you are using the Powershell Remote Registry from http://psrr.codeplex.com/wikipage?title=Get-RegValue. I downloaded it and it looks like they are calling a .NET method to do the remote registry connection. The issue could be the brackets because it might at some point be doing a String.Format or thinking that is what you attempting to do because there are brackets in the string. Look at the example below:

    `
    PS C:\Windows\system32> "This is a {0} string format" -f "Test"
    This is a Test string format
    
    PS C:\Windows\system32> "This is a {0} string format {16F60D62-07F4-4077-8BE2-2180ABC32349}" -f "Test"
    Error formatting a string: Index (zero based) must be greater than or equal to zero and less than the size of the argument list..
    At line:1 char:1
    + "This is a {0} string format {16F60D62-07F4-4077-8BE2-2180ABC32349}" -f "Test"
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (This is a {0} s...2-2180ABC32349}:String) [], RuntimeException
        + FullyQualifiedErrorId : FormatError
     
    
    PS C:\Windows\system32> "This is a {0} string format {{16F60D62-07F4-4077-8BE2-2180ABC32349}}" -f "Test"
    This is a Test string format {16F60D62-07F4-4077-8BE2-2180ABC32349}`

    So, try using double braces which will escape the braces you are attempting to pass: "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{{16F60D62-07F4-4077-8BE2-2180ABC32349}}"

    Just a guess. Let us know if that works. Thanks.

  • #9690

    spi65210
    Participant

    Thanks, I was guessing that the braces are the issue because that key is definitely there. And yes I am using the PS Remote Registry module. I tested with the double brackets and am continuing to get the same result, I have also tested without braces and without quotes all return the same error.

    Just to confirm that I am not crazy I went ahead and tested that same key with get-itemproperty on the target machine and i am able to get results.

    Any other ideas?

  • #9691

    Steven Presley
    Participant

    It's probably nothing, but have you tried using single quotes instead of double quotes when using Get-RegValue. For example:

    get-regvalue -computername $strcomputer -key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16F60D62-07F4-4077-8BE2-2180ABC32349}'

    I'm just wondering if it's hitting some kind of error because all of the examples on the Wiki for this tool shows it not using any quotes at all and I'm wondering if the usage of double quotes is causing it to try to interpret what you're passing. Another option, sticking with the examples provided for this cmdlet\module is to not use quotes at all:

    get-regvalue -computername $strcomputer -key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16F60D62-07F4-4077-8BE2-2180ABC32349}

    Neither of these could be it, but it seems worth a try.

  • #9692

    Dave Wyatt
    Moderator

    I've never used that particular module before, and would have to step through the code in a test environment to try to find the problem.

    You have a dependency on WMI in your code anyway (to start the Remote Registry service), so you have the option of using the StdRegProv WMI class instead of this other module, if it works any better. Here's a quick implementation that uses WMI, see if it works. (It's not meant to be pretty; you might want to break some of the code out into other functions instead of having one big one called GetAppVer. This is just a test to see if this approach would meet your needs).

    function GetAppVer {
        [CmdletBinding()]
        param (
            [Parameter(Mandatory=$true,Position=0,ValueFromPipeline=$true)]
            [System.String]
            $ComputerName
        )
    
        try
        {
            $provider = [wmiclass]"\\$ComputerName\root\default:StdRegProv"
        }
        catch
        {
            throw
        }
        
        $HKLM = [System.UInt32]0x80000002L
    
        $REG_SZ = 1
        $REG_EXPAND_SZ = 2
        $REG_BINARY = 3
        $REG_DWORD = 4
        $REG_MULTI_SZ = 7
        $REG_QWORD = 11
    
        $key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16F60D62-07F4-4077-8BE2-2180ABC32349}"
        
        $result = $provider.EnumValues($HKLM, $key)
    
        if ($result.ReturnValue -eq 0)
        {
            for ($i = 0; $i -lt $result.sNames.Length; $i++)
            {
                switch ($result.Types[$i])
                {
                    $REG_SZ {
                        $result2 = $provider.GetStringValue($HKLM, $key, $result.sNames[$i])
                        
                        if ($result2.ReturnValue -eq 0)
                        {
                            New-Object psobject -Property @{ ComputerName=$ComputerName; ValueName=$result.sNames[$i]; Value=$result2.sValue }
                        }
                        else
                        {
                            Write-Error "Error retrieving value $key\$($result.sNames[$i]): $($result2.ReturnValue)"
                        }
    
                        break
                    }
    
                    $REG_EXPAND_SZ {
                        $result2 = $provider.GetExpandedStringValue($HKLM, $key, $result.sNames[$i])
                        
                        if ($result2.ReturnValue -eq 0)
                        {
                            New-Object psobject -Property @{ ComputerName=$ComputerName; ValueName=$result.sNames[$i]; Value=$result2.sValue }
                        }
                        else
                        {
                            Write-Error "Error retrieving value $key\$($result.sNames[$i]): $($result2.ReturnValue)"
                        }
    
                        break
                    }
    
                    $REG_MULTI_SZ {
                        $result2 = $provider.GetMultiStringValue($HKLM, $key, $result.sNames[$i])
                        
                        if ($result2.ReturnValue -eq 0)
                        {
                            New-Object psobject -Property @{ ComputerName=$ComputerName; ValueName=$result.sNames[$i]; Value=$result2.sValue }
                        }
                        else
                        {
                            Write-Error "Error retrieving value $key\$($result.sNames[$i]): $($result2.ReturnValue)"
                        }
    
                        break
                    }
    
                    $REG_DWORD {
                        $result2 = $provider.GetDWORDValue($HKLM, $key, $result.sNames[$i])
                        
                        if ($result2.ReturnValue -eq 0)
                        {
                            New-Object psobject -Property @{ ComputerName=$ComputerName; ValueName=$result.sNames[$i]; Value=$result2.uValue }
                        }
                        else
                        {
                            Write-Error "Error retrieving value $key\$($result.sNames[$i]): $($result2.ReturnValue)"
                        }
    
                        break
                    }
    
                    $REG_QWORD {
                        $result2 = $provider.GetQWORDValue($HKLM, $key, $result.sNames[$i])
                        
                        if ($result2.ReturnValue -eq 0)
                        {
                            New-Object psobject -Property @{ ComputerName=$ComputerName; ValueName=$result.sNames[$i]; Value=$result2.uValue }
                        }
                        else
                        {
                            Write-Error "Error retrieving value $key\$($result.sNames[$i]): $($result2.ReturnValue)"
                        }
    
                        break
                    }
    
                    $REG_BINARY {
                        $result2 = $provider.GetBinaryValue($HKLM, $key, $result.sNames[$i])
                        
                        if ($result2.ReturnValue -eq 0)
                        {
                            New-Object psobject -Property @{ ComputerName=$ComputerName; ValueName=$result.sNames[$i]; Value=$result2.uValue }
                        }
                        else
                        {
                            Write-Error "Error retrieving value $key\$($result.sNames[$i]): $($result2.ReturnValue)"
                        }
    
                        break
                    }
    
                    default {
                        Write-Error "Unexpected data type encountered.  Value: $key\$($result.sNames[$i]).  Type: $($result.Types[$i])."
                    }
                }
            }
        }
        else
        {
            throw "EnumValues on computer '$ComputerName' returned error code $($result.ReturnValue)."
        }
    }
    
    $computerlist = "h:\myscripts\test.txt"
    
    $arrComputers = get-Content -Path $computerlist
    
    foreach ($strComputer in $arrComputers){
        GetAppVer -ComputerName $strComputer >> h:\myscripts\AppVer.txt
    }
    

You must be logged in to reply to this topic.