Update Parse-PolicyFile.ps1
gtworek authored Sep 25, 2019
1 parent d25f00d commit 090e093
Showing 1 changed file with 13 additions and 2 deletions.
15 changes: 13 additions & 2 deletions GPO/Parse-PolicyFile.ps1
Expand Up @@ -17,11 +17,22 @@ if (Test-Path ($file2.FullName))
if ($text -cne "PReg")
{
Write-Host ("[???] Not looking like POL file "+$file2.FullName) -ForegroundColor Red
$row | Add-Member -Name "Format" -MemberType NoteProperty -Value "Invalid"
$row | Add-Member -Name "Root" -MemberType NoteProperty -Value "???"
$row | Add-Member -Name "Key" -MemberType NoteProperty -Value "???"
$row | Add-Member -Name "Value" -MemberType NoteProperty -Value "???"
$row | Add-Member -Name "Data" -MemberType NoteProperty -Value "???"
}
else
{
$row | Add-Member -Name "Format" -MemberType NoteProperty -Value "Valid"
#Let's extract root, key, value and data. Type and size to be ignored as not very interesting. Root (HKLM/HKCU) to be determined from name, ? for unknown
#assuming all pol files are unicode. let me know if you find different one.
$bytes = $bytes[8..($bytes.Count)]


$row | Add-Member -Name "Root" -MemberType NoteProperty -Value "root"
$row | Add-Member -Name "Key" -MemberType NoteProperty -Value "key"
$row | Add-Member -Name "Value" -MemberType NoteProperty -Value "value"
$row | Add-Member -Name "Data" -MemberType NoteProperty -Value "data"
}

$arrtmp2 += $row
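Review bot: The `else` branch sets `Format` to "Valid" and drops the header with `$bytes = $bytes[8..($bytes.Count)]` after only the four-byte `PReg` signature has been compared, so a truncated file, or one whose version DWORD in bytes 4-7 is not the expected 1, is still reported as valid. A length guard such as `if ($bytes.Count -lt 8)` that marks the row "Invalid" would cover the short-file case, and the slice is clearer as `$bytes[8..($bytes.Count - 1)]`, because `$bytes.Count` is one past the last index and the range runs backwards when the array is short. The literal values "root", "key", "value" and "data" will show up in the result table as if they had been parsed; using `"???"` as the invalid branch does, or adding a `#TODO` comment, would keep placeholder rows distinguishable for whoever audits the output. The rendering has lost its +/- markers, so which of these lines are new is inferred, and the enclosing `if (Test-Path ...)` block starts and ends outside the hunk.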
