That wasn’t a full solution, though, because using the function directly requires a ton of work. You have to create empty variables and pass a very large number of parameters to the function. Today we’re going to create a reusable tool by wrapping that code in a Windows PowerShell function.<\/p>\n
First we have to come up with a name for the function, and to do that properly, we need to know what it’s going to do. I plan to make it take a RegistryKey<\/b> object (returned from Get-Item<\/b> or Get-ChildItem<\/b>) or a string to a registry path (which we would pass to Get-Item<\/b> to get a RegistryKey<\/b> object), get the extra key information by using the P\/Invoke function, and then add the information as extra NoteProperties<\/b> on the RegistryKey<\/b> object. Because we’ll be adding properties, we’re going to name the function Add-RegKeyMember<\/b>. With these requirements, let’s start with the following function declaration:<\/p>\n
#requires -version 3.0<\/p>\n
function Add-RegKeyMember {<\/p>\n
<\/p>\n
[CmdletBinding()]<\/p>\n
param(<\/p>\n
[Parameter(Mandatory, ParameterSetName="ByKey", Position=0, ValueFromPipeline)]<\/p>\n
# Registry key object returned from Get-ChildItem or Get-Item<\/p>\n
[Microsoft.Win32.RegistryKey] $RegistryKey,<\/p>\n
[Parameter(Mandatory, ParameterSetName="ByPath", Position=0)]<\/p>\n
# Path to a registry key<\/p>\n
[string] $Path<\/p>\n
)<\/p>\n
<\/p>\n
begin {<\/p>\n
}<\/p>\n
<\/p>\n
process {<\/p>\n
}<\/p>\n
}<\/p>\n
First, we have a #requires<\/b> statement because we’re using some features that require Windows PowerShell 3.0. Next, we declare the function and its parameters. Right now, there are only two parameters:<\/p>\n
$RegistryKey<\/b> This is an object that is returned from Get-ChildItem<\/b> or Get-Item<\/b> when a registry path has been passed.<\/p>\n
$Path<\/b> This is a string that represents a registry path, for example, HKLM:\\Software. This path will be passed to Get-Item<\/b>, and the RegistryKey<\/b> object that is returned will be used.<\/p>\n
Both parameters are mandatory, but they are in different parameter sets. This means that you must have one or the other, but not both. By creating the param()<\/b> block, we’ve told Windows PowerShell how to do a good bit of parameter validation. <\/p>\n
This is going to be an advanced function<\/a> that will accept pipeline input, so we create begin<\/b> and process<\/b> blocks. When the function is used in a pipeline, the begin<\/b> block will run once, and the process<\/b> block will run one time for each input that is sent to it. When it’s not used in a pipeline, both blocks will run once.<\/p>\n We’re going to take the Add-Type<\/b> call from yesterday and put that in the begin<\/b> block (if the custom type has already been loaded in the current PS session, it won’t be reloaded again). We’ll also use the begin<\/b> block to store our type in the $RegTools<\/b> variable:<\/p>\n begin {<\/p>\n # Define the namespace (string array creates nested namespace):<\/p>\n $Namespace = "HeyScriptingGuy"<\/p>\n <\/p>\n # Make sure type is loaded (this will only get loaded on first run):<\/p>\n Add-Type @"<\/p>\n using System;<\/p>\n using System.Text;<\/p>\n using System.Runtime.InteropServices;<\/p>\n <\/p>\n $($Namespace | ForEach-Object {<\/p>\n "namespace $_ {"<\/p>\n })<\/p>\n <\/p>\n public class advapi32 {<\/p>\n [DllImport("advapi32.dll", CharSet = CharSet.Auto)]<\/p>\n public static extern Int32 RegQueryInfoKey(<\/p>\n Microsoft.Win32.SafeHandles.SafeRegistryHandle hKey,<\/p>\n StringBuilder lpClass,<\/p>\n [In, Out] ref UInt32 lpcbClass,<\/p>\n UInt32 lpReserved,<\/p>\n out UInt32 lpcSubKeys,<\/p>\n out UInt32 lpcbMaxSubKeyLen,<\/p>\n out UInt32 lpcbMaxClassLen,<\/p>\n out UInt32 lpcValues,<\/p>\n out UInt32 lpcbMaxValueNameLen,<\/p>\n out UInt32 lpcbMaxValueLen,<\/p>\n out UInt32 lpcbSecurityDescriptor,<\/p>\n out System.Runtime.InteropServices.ComTypes.FILETIME lpftLastWriteTime<\/span><\/p>\n );<\/p>\n }<\/p>\n $($Namespace | ForEach-Object { "}" })<\/p>\n "@<\/p>\n <\/p>\n # Get a shortcut to the type: <\/p>\n $RegTools = ("{0}.advapi32" -f ($Namespace -join ".")) -as [type]<\/p>\n }<\/p>\n Next, it’s time to work on the process<\/strong> block:<\/p>\n process {<\/p>\n switch ($PSCmdlet.ParameterSetName) {<\/p>\n "ByKey" {<\/p>\n # Already have the key, no more work to be done \ud83d\ude42<\/p>\n }<\/p>\n <\/p>\n "ByPath" {<\/p>\n # We need a RegistryKey object (Get-Item should return that)<\/p>\n $Item = Get-Item -Path $Path -ErrorAction Stop<\/p>\n <\/p>\n # Make sure this is of type [Microsoft.Win32.RegistryKey]<\/p>\n if ($Item -isnot [Microsoft.Win32.RegistryKey]) {<\/p>\n throw "'$Path' is not a path to a registry key!"<\/p>\n }<\/p>\n $RegistryKey = $Item<\/p>\n }<\/p>\n }<\/p>\n <\/p>\n # Initialize variables that will be populated:<\/p>\n $ClassLength = 255 # Buffer size (class name is rarely used, and when it is, I've never seen<\/p>\n # it more than 8 characters. Buffer can be increased here, though.<\/p>\n $ClassName = New-Object System.Text.StringBuilder $ClassLength # Will hold the class name<\/p>\n $LastWriteTime = New-Object System.Runtime.InteropServices.ComTypes.FILETIME <\/p>\n <\/p>\n switch ($RegTools::RegQueryInfoKey($RegistryKey.Handle,<\/p>\n $ClassName,<\/p>\n [ref] $ClassLength,<\/p>\n $null, # Reserved<\/p>\n [ref] $null, # SubKeyCount<\/p>\n [ref] $null, # MaxSubKeyNameLength<\/p>\n [ref] $null, # MaxClassLength<\/p>\n [ref] $null, # ValueCount<\/p>\n [ref] $null, # MaxValueNameLength<\/p>\n [ref] $null, # MaxValueValueLength<\/p>\n [ref] $null, # SecurityDescriptorSize<\/p>\n [ref] $LastWriteTime<\/p>\n )) {<\/p>\n <\/p>\n 0 { # Success<\/p>\n # Convert to DateTime object:<\/p>\n $UnsignedLow = [System.BitConverter]::ToUInt32([System.BitConverter]::GetBytes($LastWriteTime.dwLowDateTime), 0)<\/p>\n $UnsignedHigh = [System.BitConverter]::ToUInt32([System.BitConverter]::GetBytes($LastWriteTime.dwHighDateTime), 0)<\/p>\n # Shift high part so it is most significant 32 bits, then copy low part into 64-bit int:<\/p>\n $FileTimeInt64 = ([Int64] $UnsignedHigh -shl 32) -bor $UnsignedLow<\/p>\n # Create datetime object<\/p>\n $LastWriteTime = [datetime]::FromFileTime($FileTimeInt64)<\/p>\n <\/p>\n # Add properties to object and output them to pipeline<\/p>\n $RegistryKey | Add-Member -NotePropertyMembers @{<\/p>\n LastWriteTime = $LastWriteTime<\/p>\n ClassName = $ClassName.ToString()<\/p>\n } -PassThru -Force<\/p>\n }<\/p>\n <\/p>\n 122 { # ERROR_INSUFFICIENT_BUFFER (0x7a)<\/p>\n throw "Class name buffer too small"<\/p>\n # function could be recalled with a larger buffer, but for<\/p>\n # now, just exit<\/p>\n }<\/p>\n <\/p>\n default {<\/p>\n throw "Unknown error encountered (error code $_)"<\/p>\n }<\/p>\n }<\/p>\n }<\/p>\n What the process block does is very simple:<\/p>\n First, it checks to see if a RegistryKey<\/b> object or a path was passed to the function. If it was a RegistryKey<\/b> object, it moves along without doing anything else. If it was a path, it calls Get-Item<\/b> to get a RegistryKey<\/b> object.<\/p>\n Next, it calls the same code from yesterday’s post. We’re having it get the class name and the last write time (registry keys with class names are very rare, but there are a few). The only thing extra is that the return code from RegQueryInfoKey<\/b> is being captured in a switch statement. If the result is 0, the call was successful, and the extra info is added to the original RegistryKey<\/b> object by using Add-Member<\/b>.<\/p>\n The only other known return code in the switch statement is 122<\/b>, which means that the class name buffer was too small. Any other errors generate a generic termination error. If you ever come across a non-zero error code, you can easily add it to the switch block to give your user a specific error message.<\/p>\n Here is an example of using it:<\/p>\n That’s it for today. Tomorrow, we’re going to create a proxy function for Get-ChildItem<\/b> so that it automatically gets this information.<\/p>\n ~Rohn<\/p>\n Thank you, Rohn. Happy New Year’s Eve.<\/p>\n I invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n Ed Wilson, Microsoft Scripting Guy<\/b> <\/p>\n","protected":false},"excerpt":{"rendered":" Summary: Guest blogger, Rohn Edwards, discusses reusing code that obtains the last-modified time stamp from the registry. Microsoft Scripting Guy, Ed Wilson, is here. Today is the last day of the year, but don’t despair. We are here to share some Windows PowerShell goodies with you. Welcome back Rohn Edwards as our guest blogger this […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[56,31,26,342,3,45],"class_list":["post-2315","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-guest-blogger","tag-operating-system","tag-registry","tag-rohn-edwards","tag-scripting-guy","tag-windows-powershell"],"acf":[],"blog_post_summary":" Summary: Guest blogger, Rohn Edwards, discusses reusing code that obtains the last-modified time stamp from the registry. Microsoft Scripting Guy, Ed Wilson, is here. Today is the last day of the year, but don’t despair. We are here to share some Windows PowerShell goodies with you. Welcome back Rohn Edwards as our guest blogger this […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/2315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=2315"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/2315\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=2315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=2315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=2315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/hsg-12-31-13-1.png\")
<\/a><\/p>\n