CODEWITHSUNDEEP
powershellregistry
Carsten
Carsten

Reputation: 2191

Powershell: Cannot read a specific Registry-Value

I am struggling to read this REG-value via Powershell 5:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SWD\DAFWSDProvider\urn:uuid:cfe92100-67c4-11d4-a45f-0026abfabc42/uri:urn:uuid:cfe92100-67c4-11d4-a45f-0026abfabc42/01]
"Driver"="{6bdd1fc6-810f-11d0-bec7-08002be2092f}\\0000"

Even the autocomplete-function in Powershell showing me the REG-path to that key is not working properly. Why is it failing? How can I get this value?

This is the code which is surprisingly NOT working as expected:

$sub = 'urn:uuid:cfe92100-67c4-11d4-a45f-0026abfabc42/uri:urn:uuid:cfe92100-67c4-11d4-a45f-0026abfabc42/01'
get-Item -literalPath "HKLM:\SYSTEM\CurrentControlSet\Enum\SWD\DAFWSDProvider\$sub"

Here a screenshot of the subkey that I cannot read: enter image description here

I could now drill it down to this situation:

  1. subkey 'urn:uuid:cfe92100-67c4-11d4-a45f-0026abfabc42' -> OK
  2. subkey 'uuid:cfe92100-67c4-11d4-a45f-0026abfabc42/u' -> OK
  3. subkey 'urn:uuid:cfe92100-67c4-11d4-a45f-0026abfabc42/u' -> fail!
  4. subkey 'urn:uuid:cfe92100-67c4-11d4-a45f-0026abfabc42/u' under HKLM:\Software -> OK

Upvotes: 1

Views: 1135

Answers (3)

Carsten
Carsten

Reputation: 2191

At the end it turns out, that I had to use a different Syntax for the REG-Path to make the call work - very strange!

See this code:

$prefix1 = "Registry::HKEY_LOCAL_MACHINE"
$prefix2 = "HKLM:"
$subDir = "urn:uuid:cfe92100-67c4-11d4-a45f-0026abfabc42/uri:urn:uuid:cfe92100-67c4-11d4-a45f-0026abfabc42/01"
get-item "$prefix1\SYSTEM\CurrentControlSet\Enum\SWD\DAFWSDProvider\$subDir"
get-item "$prefix2\SYSTEM\CurrentControlSet\Enum\SWD\DAFWSDProvider\$subDir"

The first "get-item" call using prefix1 is working fine while the second one is not returning anything back.

Lession learned: Better use the longer REG-Prefix like in the original PSPATH to avoid any unexpected side-effects.

Upvotes: 1

Tomalak
Tomalak

Reputation: 338118

Using Sysinternals Process Explorer, I've discovered what happens.

PowerShell replaces the forward slashes in the path unconditionally with backslashes, even when you use -LiteralPath.

Screenshot of failing registry access

That's clearly a bug.

To work around it, you can use the PSPath of the registry key, apparently PowerShell leaves those alone. For the local registry, the PSPath always starts like this:

Microsoft.PowerShell.Core\Registry::

and after that goes on with the regular key name as it would appear in RegEdit.

$path = "Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SWD\DAFWSDProvider\urn:uuid:e3248000-80ce-11db-8000-30055c83410f/uri:e3248000-80ce-11db-8000-30055c83410f/PrinterService"

Get-Item $path

PSPaths are an integral part of anything that Powershell treats as one of its drives. You can select them, or access the .PSPath property:

$path = "Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SWD\DAFWSDProvider"

Get-ChildItem $path | Select -ExpandProperty PSPath

(Get-Item C:\).PSPath

Upvotes: 2

Shaqil Ismail
Shaqil Ismail

Reputation: 1951

From Microsoft's PowerShell documentation, you can decide if you would like to view the entries as a list or to retrieve a single registry key.

https://learn.microsoft.com/en-us/powershell/scripting/samples/working-with-registry-entries?view=powershell-7.1

Upvotes: 1

Related Questions