How should this PowerShell script be understood?


0
Wintersweet asked 6 years ago

# Collect registry values via regv (a helper that is not defined in this snippet)
$o = "Logged in users:`n" + (regv "hklm:\software\microsoft\windows nt\currentversion\profilelist" "profileimagepath")
$o = $o + "`n PS Env:`n" + (regv "hklm:\software\microsoft\powershell" "allname")
$o = $o + "`n Shares:`n" + (regv "hklm:\SYSTEM\CurrentControlSet\services\LanmanServer\Shares" "all" "no")
$o = $o + "`n Env vars:`n" + (regv "hklm:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" "all" "no")
$o = $o + "`n Current user:`n" + (regv "hkcu:\Volatile Environment" "all" "no")
$o = $o + "`n Installed Apps:`n" + (regv "hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" "displayname")

# Character substitutions on the collected text
$o = $o.Replace("/","\")
$pv = $o.Replace("www","uuu")
$r = [string]::Join("`n", $pv)
# GZip-compress the text in memory, then Base64-encode the compressed bytes
$ms = New-Object IO.MemoryStream
$cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Compress)
$sw = New-Object System.IO.StreamWriter($cs)
$sw.Write($r)
$sw.Close()
$code = [Convert]::ToBase64String($ms.ToArray())
$code
How should this piece of code be understood? Has code been turned into Base64? How can code be decoded back into $o?

1 Answers
0
Mooser Lee (Administrator) answered 6 years ago

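It scans the installation information of certain software, concatenates it into a string, then compresses it and converts it to a Base64 string.
How to decode: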
PS C:\Users\非苔> [convert]::FromBase64String
OverloadDefinitions
-------------------
static byte[] FromBase64String(string s)
The bytes can be converted directly into a stream.

Wintersweet replied 6 years ago

Hello, I would like to ask how these two statements should be understood: $o = $o.Replace("/","\") and $pv = $o.Replace("www","uuu")
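
The decoding path the answer points to (Base64 to bytes, bytes to stream, stream through GZip), as an added example that is not part of the original thread. The function names and the sample string are constructed for illustration; the round trip recovers the text after the two Replace calls, not the text as it was before them.

```powershell
# Added example, not code from the thread. Function names are hypothetical.
function ConvertTo-GzipBase64 {
    param([Parameter(Mandatory)][string]$Text)
    # Same steps as the script in the question: text -> GZip -> Base64.
    $ms = New-Object System.IO.MemoryStream
    $gz = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Compress)
    $sw = New-Object System.IO.StreamWriter($gz)
    $sw.Write($Text)
    $sw.Close()   # flushes the writer and closes the GZip stream
    [Convert]::ToBase64String($ms.ToArray())
}

function ConvertFrom-GzipBase64 {
    param([Parameter(Mandatory)][string]$Code)
    # Base64 -> byte[]; throws FormatException on malformed input.
    $bytes = [Convert]::FromBase64String($Code)
    # A GZip stream starts with the magic bytes 0x1F 0x8B.
    if ($bytes.Length -lt 2 -or $bytes[0] -ne 0x1F -or $bytes[1] -ne 0x8B) {
        throw 'Decoded bytes are not GZip data.'
    }
    # byte[] -> stream; the leading comma passes the array as one argument.
    $ms = New-Object System.IO.MemoryStream -ArgumentList (,$bytes)
    $gz = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Decompress)
    $sr = New-Object System.IO.StreamReader($gz, [System.Text.Encoding]::UTF8)
    try { $sr.ReadToEnd() } finally { $sr.Close() }
}

# Constructed sample standing in for the collected registry text.
$o  = "Shares:`nC:/data`nhttp://www.example.test"
$pv = $o.Replace("/","\").Replace("www","uuu")   # the script's two substitutions
$code = ConvertTo-GzipBase64 $pv
$back = ConvertFrom-GzipBase64 $code

# Decoding returns exactly what was compressed, i.e. the substituted text.
if ($back -cne $pv) { throw 'Round trip failed.' }
# The substitutions are not reversed by decoding.
if ($back -ceq $o)  { throw 'Unexpected: original text recovered.' }
$back
```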