Jumat, 26 Agustus 2011

New-Object -ComObject Shell.Application

Here are some notes on exposing  the Shell as a ComObject with Powershell. Here, I trace down the cookies folder:

$a = New-Object -ComObject Shell.Application
 foreach ($i in $b) {write "$i $($a | % {$_.Namespace($i).Self.Path})"}
32 C:\Users\rferrisx\AppData\Local\Microsoft\Windows\Temporary Internet Files
33 C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Cookies
34 C:\Users\rferrisx\AppData\Local\Microsoft\Windows\History
($a | % {ls -recurse $_.Namespace(33).Self.Path }).count

($a | % {ls -recurse $_.Namespace(33).Self.Path | gc }) | more


Powershell gives us some opportunities to look at Windows file structure internals. The output of these commands gives us the objects referenced by the file system for the Windows Shell:

$a = New-Object -ComObject Shell.Application


foreach ($i in $b) {write "$i $($a | % {$_.Namespace($i).Title})"}
foreach ($i in $b) {write "$i $($a | % {$_.Namespace($i).Self.Path})"}

I can line them up in  spreadsheet (as below). Some are file paths give as GUIDs (or CLSIDs?). Others are blank:

0 Desktop C:\Users\rferrisx\Desktop
1 The Internet ::{871C5380-42A0-1069-A2EA-08002B30309D}
2 Programs C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
3 All Control Panel Items ::{26EE0668-A00A-44D7-9371-BEB064C98683}\0
4 Printers ::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{2227A280-3AEA-1069-A2DE-08002B30309D}
5 My Documents C:\Users\rferrisx\Documents
6 Favorites C:\Users\rferrisx\Favorites
7 Startup C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
8 Recent Items C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Recent
9 SendTo C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\SendTo
10 Recycle Bin ::{645FF040-5081-101B-9F08-00AA002F954E}
11 Start Menu C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Start Menu
12 12
13 My Music C:\Users\rferrisx\Music
14 My Videos C:\Users\rferrisx\Videos
15 15
16 Desktop C:\Users\rferrisx\Desktop
17 Computer ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
18 Network ::{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
19 Network Shortcuts C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Network Shortcuts
20 Fonts C:\Windows\Fonts
21 Templates C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Templates
22 Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
23 Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
24 Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
25 Public Desktop C:\Users\Public\Desktop
26 Roaming C:\Users\rferrisx\AppData\Roaming
27 Printer Shortcuts C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
28 Local C:\Users\rferrisx\AppData\Local
29 Startup C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
30 Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
31 Favorites C:\Users\rferrisx\Favorites
32 Temporary Internet Files C:\Users\rferrisx\AppData\Local\Microsoft\Windows\Temporary Internet Files
33 Cookies C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Cookies
34 History C:\Users\rferrisx\AppData\Local\Microsoft\Windows\History
35 ProgramData C:\ProgramData
36 Windows C:\Windows
37 System32 C:\Windows\System32
38 Program Files C:\Program Files
39 My Pictures C:\Users\rferrisx\Pictures
40 rferrisx C:\Users\rferrisx
41 SysWOW64 C:\Windows\SysWOW64
42 Program Files (x86) C:\Program Files (x86)
43 Common Files C:\Program Files\Common Files
44 Common Files C:\Program Files (x86)\Common Files
45 Templates C:\ProgramData\Microsoft\Windows\Templates
46 Public Documents C:\Users\Public\Documents
47 Administrative Tools C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
48 Administrative Tools C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
49 Network Connections ::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
50 50
51 51
52 52
53 Public Music C:\Users\Public\Music
54 Public Pictures C:\Users\Public\Pictures
55 Public Videos C:\Users\Public\Videos
56 Resources C:\Windows\Resources
57 409 C:\Windows\Resources\0409
58 OEM Links C:\ProgramData\OEM Links
59 Temporary Burn Folder C:\Users\rferrisx\AppData\Local\Microsoft\Windows\Burn\Burn

What are those GUID (or CLSID) paths? The 49th appears to be the non-browsable folder:
"All Control Panel Items"\"Network Connections"

$a | % {$_.Namespace(49).ParentFolder.Self.GetFolder.Self}

Application  : System.__ComObject
Parent       : System.__ComObject
Name         : All Control Panel Items
Path         : ::{21EC2020-3AEA-1069-A2DD-08002B30309D}
GetLink      :
GetFolder    : System.__ComObject
IsLink       : False
IsFolder     : True
IsFileSystem : False
IsBrowsable  : False
ModifyDate   : 12/30/1899 12:00:00 AM
Size         : 0
Type         : System Folder

$a | % {$_.Namespace(49).ParentFolder.Self.GetFolder.Self.Name}
All Control Panel Items

$a | % {$_.Namespace(49).Self.GetFolder.Self}

Application  : System.__ComObject
Parent       : System.__ComObject
Name         : Network Connections
Path         : ::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
GetLink      :
GetFolder    : System.__ComObject
IsLink       : False
IsFolder     : True
IsFileSystem : False
IsBrowsable  : False
ModifyDate   : 12/30/1899 12:00:00 AM
Size         : 0
Type         : System Folder

$a | % {$_.Namespace(49).Self.GetFolder.Self.Name}
Network Connections

Tidak ada komentar:

Posting Komentar