Sep 16 2012 1:17PM GMT
Posted by: Richard Siddaway
PowerShell
Decoding the mounted device information
Posted by: Richard Siddaway
PowerShell
In the previous post we looked at how to read the mounted device information. The data is in binary though – if you want it readable and not all of it is readable – try this
$data = @() Get-Item -Path HKLM:\SYSTEM\MountedDevices | select -ExpandProperty Property | where {$_ -like "\Dos*"} | foreach { $name = $_ $bin = (Get-ItemProperty -Path HKLM:\SYSTEM\MountedDevices -Name $name)."$name" $decoded = @() $bin | foreach { $decoded += [char]$_ } $data += New-Object -TypeName psobject -Property @{ Device = $name BinaryValue = $bin DecodedValue = $($decoded -join "") } } $data | Format-Table Device, DecodedValue -AutoSize
Same as last time except for the loop through the binary data using [char] to decode the ASCII values. use –join to make a string rather than an array. The apparent gaps in the resultant string are because we’re dealing with Unicode
Comment
RSS Feed
Email a friend
