Sunday, July 27, 2014

Powershell: Working with the registry Part 1

Second to Windows Management Instrumentation, the registry is one of the most powerful tools you have as a potential money-making skill set. It is also one of the most dangerous and least understood tools of the trade.

With that said, let's jump right in.

HIVES

Sections of the registry are known as hives. The five most popular are:

  1. HKEY_CLASSES_ROOT
  2. HKEY_CURRENT_CONFIG
  3. HKEY_CURRENT_USER
  4. HKEY_LOCAL_MACHINE
  5. HKEY_USERS
Prior to .Net, you had to know each of those as constants and you had to know the APIs needed to use them. With .Net, connecting to the registry is as simple as this:

$regkey = [Microsoft.Win32.Registry]::ClassesRoot
[array]$Names = $regkey.OpenSubKey("DataLinks").GetSubKeyNames()
foreach($n in $Names)
{
    write-host $n
}

This returns: CLSID

I append that subkey name to the DataLinks path and read its default value:

[string]$Value = $regkey.OpenSubKey("DataLinks\CLSID").GetValue("")
write-host $Value


And this returns:

{2206CDB2-19C1-11D1-89E0-00C04FD7A829}

I can then go to the CLSID section and glean information about the location of the file:

[string]$value = $regkey.OpenSubKey("CLSID\{2206CDB2-19C1-11D1-89E0-00C04FD7A829}\InprocServer32").GetValue("")
write-host $value

And that returns:

C:\Program Files\Common Files\System\Ole DB\oledb32.dll
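The three-step walk above (ProgID to CLSID to server path) generalized into one function, as an added example that is not part of the original post. It assumes the standard HKEY_CLASSES_ROOT layout where the ProgID's CLSID subkey and the CLSID's InprocServer32 or LocalServer32 subkey carry their data in the default value, checks that the registered file actually exists, and closes every RegistryKey it opens.

```powershell
# Added example: resolve a ProgID (e.g. "DataLinks") to its CLSID and the
# COM server binary registered for it. Names below are this example's own.
function Resolve-ComServerPath {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ProgId
    )

    $root = [Microsoft.Win32.Registry]::ClassesRoot

    # ProgID\CLSID stores the class GUID in its default value ("")
    $clsidKey = $root.OpenSubKey("$ProgId\CLSID")
    if ($null -eq $clsidKey) {
        throw "ProgID '$ProgId' has no CLSID subkey under HKEY_CLASSES_ROOT"
    }
    try {
        [string]$clsid = $clsidKey.GetValue("")
    } finally {
        $clsidKey.Close()   # RegistryKey wraps a handle; release it
    }

    # In-process servers (DLLs) register under InprocServer32, out-of-process
    # servers (EXEs) under LocalServer32; report whichever exists.
    foreach ($serverKind in 'InprocServer32', 'LocalServer32') {
        $serverKey = $root.OpenSubKey("CLSID\$clsid\$serverKind")
        if ($null -eq $serverKey) { continue }
        try {
            # GetValue expands REG_EXPAND_SZ values (e.g. %SystemRoot%) by default
            [string]$path = $serverKey.GetValue("")
        } finally {
            $serverKey.Close()
        }
        # LocalServer32 values may be quoted and followed by arguments;
        # keep only the quoted file name for the existence check.
        $file = if ($path -match '^"([^"]+)"') { $Matches[1] } else { $path }

        return [PSCustomObject]@{
            ProgId     = $ProgId
            Clsid      = $clsid
            ServerKind = $serverKind
            Path       = $path
            # A registered server whose file is missing is worth a second look
            FileExists = (Test-Path -LiteralPath $file -PathType Leaf)
        }
    }
    throw "CLSID $clsid for '$ProgId' has neither InprocServer32 nor LocalServer32"
}

Resolve-ComServerPath -ProgId 'DataLinks'
```

On the machine described in the post this reports CLSID {2206CDB2-19C1-11D1-89E0-00C04FD7A829} with an InprocServer32 path of C:\Program Files\Common Files\System\Ole DB\oledb32.dll.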
