Testing Powershell app detection

This commit is contained in:
Fmstrat 2020-11-18 09:51:49 -05:00 committed by Oskar Manhart
parent 7d059087d9
commit fe5e5f0b5d

364
install/ExtractPrograms.ps1 Normal file
View File

@ -0,0 +1,364 @@
# powershell.exe -ExecutionPolicy Bypass -File \\tsclient\home\Documents\Repos\winapps\install\ExtractPrograms.ps1
Function Get-Icon {
<#
Get-Icon License:
License
The MIT License (MIT)
Copyright (c)
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#>
<#
.SYNOPSIS
Gets the icon from a file
.DESCRIPTION
Gets the icon from a file and displays it in a variety formats.
.PARAMETER Path
The path to a file to get the icon
.PARAMETER ToBytes
Displays outputs as a byte array
.PARAMETER ToBitmap
Display the icon as a bitmap object
.PARAMETER ToBase64
Displays the icon in Base64 encoded format
.NOTES
Name: Get-Icon
Author: Boe Prox
Version History:
1.0 //Boe Prox - 11JAN2016
- Initial version
.OUTPUT
System.Drawing.Icon
System.Drawing.Bitmap
System.String
System.Byte[]
.EXAMPLE
Get-Icon -Path 'C:\windows\system32\WindowsPowerShell\v1.0\PowerShell.exe'
FullName : C:\windows\system32\WindowsPowerShell\v1.0\PowerShell.exe
Handle : 164169893
Height : 32
Size : {Width=32, Height=32}
Width : 32
Description
-----------
Returns the System.Drawing.Icon representation of the icon
.EXAMPLE
Get-Icon -Path 'C:\windows\system32\WindowsPowerShell\v1.0\PowerShell.exe' -ToBitmap
Tag :
PhysicalDimension : {Width=32, Height=32}
Size : {Width=32, Height=32}
Width : 32
Height : 32
HorizontalResolution : 96
VerticalResolution : 96
Flags : 2
RawFormat : [ImageFormat: b96b3caa-0728-11d3-9d7b-0000f81ef32e]
PixelFormat : Format32bppArgb
Palette : System.Drawing.Imaging.ColorPalette
FrameDimensionsList : {7462dc86-6180-4c7e-8e3f-ee7333a7a483}
PropertyIdList : {}
PropertyItems : {}
Description
-----------
Returns the System.Drawing.Bitmap representation of the icon
.EXAMPLE
$FileName = 'C:\Temp\PowerShellIcon.png'
$Format = [System.Drawing.Imaging.ImageFormat]::Png
(Get-Icon -Path 'C:\windows\system32\WindowsPowerShell\v1.0\PowerShell.exe' -ToBitmap).Save($FileName,$Format)
Description
-----------
Saves the icon as a file.
.EXAMPLE
Get-Icon -Path 'C:\windows\system32\WindowsPowerShell\v1.0\PowerShell.exe' -ToBase64
AAABAAEAICAQHQAAAADoAgAAFgAAACgAAAAgAAAAQAAAAAEABAAAAAAAgAIAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAACAAACAAAAAgIAAgAAAAIAAgACAgAAAgICAAMDAwAAAAP8AAP8AAAD//wD/AAAA/wD/AP
//AAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABmZmZmZmZmZmZmZgAAAAAAaId3d3d3d4iIiIdgAA
AHdmhmZmZmZmZmZmZoZAAAB2ZnZmZmZmZmZmZmZ3YAAAdmZ3ZmiHZniIiHZmaGAAAHZmd2Zv/4eIiIi
GZmhgAAB2ZmdmZ4/4eIh3ZmZnYAAAd2ZnZmZo//h2ZmZmZ3YAAHZmaGZmZo//h2ZmZmd2AAB3Zmd2Zm
Znj/h2ZmZmhgAAd3dndmZmZuj/+GZmZoYAAHd3dod3dmZuj/9mZmZ2AACHd3aHd3eIiP/4ZmZmd2AAi
Hd2iIiIiI//iId2ZndgAIiIhoiIiIj//4iIiIiIYACIiId4iIiP//iIiIiIiGAAiIiIaIiI//+IiIiI
iIhkAIiIiGiIiP/4iIiIiIiIdgCIiIhoiIj/iIiIiIiIiIYAiIiIeIiIiIiIiIiIiIiGAAiIiIaP///
////////4hgAAAAAGZmZmZmZmZmZmZmYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD////////////////gA
AAf4AAAD+AAAAfgAAAHAAAABwAAAAcAAAAHAAAAAwAAAAMAAAADAAAAAwAAAAMAAAABAAAAAQAAAAEA
AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAP4AAAH//////////////////////////w==
Description
-----------
Returns the Base64 encoded representation of the icon
.EXAMPLE
Get-Icon -Path 'C:\windows\system32\WindowsPowerShell\v1.0\PowerShell.exe' -ToBase64 | Clip
Description
-----------
Returns the Base64 encoded representation of the icon and saves it to the clipboard.
.EXAMPLE
(Get-Icon -Path 'C:\windows\system32\WindowsPowerShell\v1.0\PowerShell.exe' -ToBytes) -Join ''
0010103232162900002322002200040000320006400010400000128200000000000000000000000
0128001280001281280128000128012801281280012812812801921921920002550025500025525
5025500025502550255255002552552550000000000000000000000000000000000000000000000
0000000000000000000000000000000000006102102102102102102102102102102960000613611
9119119119119120136136136118000119102134102102102102102102102102102134640011810
2118102102102102102102102102102119960011810211910210413510212013613611810210496
0011810211910211125513513613613613410210496001181021031021031432481201361191021
0210396001191021031021021042552481181021021021031180011810210410210210214325513
5102102102103118001191021031181021021031432481181021021021340011911910311810210
2102232255248102102102134001191191181351191181021101432551021021021180013511911
8135119119136136255248102102102119960136119118136136136136143255136135118102119
9601361361341361361361362552551361361361361369601361361351201361361432552481361
3613613613696013613613610413613625525513613613613613613610001361361361041361362
5524813613613613613613611801361361361041361362551361361361361361361361340136136
1361201361361361361361361361361361361340813613613414325525525525525525525525524
8134000061021021021021021021021021021021020000000000000000000000000000000000000
0000000000000000000000000000000000000000000025525525525525525525525525525525525
5224003122400152240072240070007000700070003000300030003000300010001000100010000
0000000000000000000012800025400125525525525525525525525525525525525525525525525
5255255255255
Description
-----------
Returns the bytes representation of the icon. -Join was used in this for the sake
of displaying all of the data.
#>
[cmdletbinding(
DefaultParameterSetName = '__DefaultParameterSetName'
)]
Param (
[parameter(ValueFromPipelineByPropertyName=$True)]
[ValidateNotNullorEmpty()]
[string]$Path,
[parameter(ParameterSetName = 'Bytes')]
[switch]$ToBytes,
[parameter(ParameterSetName = 'Bitmap')]
[switch]$ToBitmap,
[parameter(ParameterSetName = 'Base64')]
[switch]$ToBase64
)
Begin {
If ($PSBoundParameters.ContainsKey('Debug')) {
$DebugPreference = 'Continue'
}
Add-Type -AssemblyName System.Drawing
}
Process {
$Path = Convert-Path -Path $Path
Write-Debug $Path
If (Test-Path -Path $Path) {
#$Icon = [System.Drawing.Icon]::ExtractAssociatedIcon($Path)|
$Icon = [System.Drawing.Icon]::ExtractAssociatedIcon($Path)|
Add-Member -MemberType NoteProperty -Name FullName -Value $Path -PassThru
If ($PSBoundParameters.ContainsKey('ToBytes')) {
Write-Verbose "Retrieving bytes"
$MemoryStream = New-Object System.IO.MemoryStream
$Icon.save($MemoryStream)
Write-Debug ($MemoryStream | Out-String)
$MemoryStream.ToArray()
$MemoryStream.Flush()
$MemoryStream.Dispose()
} ElseIf ($PSBoundParameters.ContainsKey('ToBitmap')) {
$Icon.ToBitMap()
} ElseIf ($PSBoundParameters.ContainsKey('ToBase64')) {
$MemoryStream = New-Object System.IO.MemoryStream
$Icon.save($MemoryStream)
Write-Debug ($MemoryStream | Out-String)
$Bytes = $MemoryStream.ToArray()
$MemoryStream.Flush()
$MemoryStream.Dispose()
[convert]::ToBase64String($Bytes)
} Else {
$Icon
}
} Else {
Write-Warning "$Path does not exist!"
Continue
}
}
}
Function Export-Icon {
<#
.SYNOPSIS
Export-Icon exports high-quality icons stored within .DLL and .EXE files.
.DESCRIPTION
Export-Icon can export to a number of formats, including ico, bmp, png, jpg, gif, emf, exif, icon, tiff, and wmf. In addition, it can also export to a different size.
This function quickly exports *all* icons stored within the resource file.
.PARAMETER Path
Path to the .dll or .exe
.PARAMETER Directory
Directory where the exports should be stored. If no directory is specified, all icons will be exported to the TEMP directory.
.PARAMETER Size
This specifies the pixel size of the exported icons. All icons will be squares, so if you want a 16x16 export, it would be -Size 16.
Valid sizes are 8, 16, 24, 32, 48, 64, 96, and 128. The default is 32.
.PARAMETER Type
This is the type of file you would like to export to. The default is .ico
Valid types are ico, bmp, png, jpg, gif, emf, exif, icon, tiff, and wmf. The default is ico.
.NOTES
Author: Chrissy LeMaire
Requires: PowerShell 3.0
Version: 2.0
DateUpdated: 2016-June-6
.LINK
https://gallery.technet.microsoft.com/scriptcenter/Export-Icon-from-DLL-and-9d309047
.EXAMPLE
Export-Icon C:\windows\system32\imageres.dll
Exports all icons stored witin C:\windows\system32\imageres.dll to $env:temp\icons. Creates directory if required and automatically opens output directory.
.EXAMPLE
Export-Icon -Path "C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe" -Size 64 -Type png -Directory C:\temp
Exports the high-quality icon within VpxClient.exe to a transparent png in C:\temp\. Resizes the exported image to 64x64. Creates directory if required
and automatically opens output directory.
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[string]$Path,
[string]$Directory,
[ValidateSet(8,16,24,32,48,64,96,128)]
[int]$Size = 32,
[ValidateSet("ico","bmp","png","jpg","gif", "jpeg", "emf", "exif", "icon", "tiff", "wmf")]
[string]$Type = "ico"
)
BEGIN {
# Thanks Thomas Levesque at http://bit.ly/1KmLgyN and darkfall http://git.io/vZxRK
$code = '
using System;
using System.Drawing;
using System.Runtime.InteropServices;
using System.IO;
namespace System {
public class IconExtractor {
public static Icon Extract(string file, int number, bool largeIcon) {
IntPtr large;
IntPtr small;
ExtractIconEx(file, number, out large, out small, 1);
try { return Icon.FromHandle(largeIcon ? large : small); }
catch { return null; }
}
[DllImport("Shell32.dll", EntryPoint = "ExtractIconExW", CharSet = CharSet.Unicode, ExactSpelling = true, CallingConvention = CallingConvention.StdCall)]
private static extern int ExtractIconEx(string sFile, int iIndex, out IntPtr piLargeVersion, out IntPtr piSmallVersion, int amountIcons);
}
}
public class PngIconConverter
{
public static bool Convert(System.IO.Stream input_stream, System.IO.Stream output_stream, int size, bool keep_aspect_ratio = false)
{
System.Drawing.Bitmap input_bit = (System.Drawing.Bitmap)System.Drawing.Bitmap.FromStream(input_stream);
if (input_bit != null)
{
int width, height;
if (keep_aspect_ratio)
{
width = size;
height = input_bit.Height / input_bit.Width * size;
}
else
{
width = height = size;
}
System.Drawing.Bitmap new_bit = new System.Drawing.Bitmap(input_bit, new System.Drawing.Size(width, height));
if (new_bit != null)
{
System.IO.MemoryStream mem_data = new System.IO.MemoryStream();
new_bit.Save(mem_data, System.Drawing.Imaging.ImageFormat.Png);
System.IO.BinaryWriter icon_writer = new System.IO.BinaryWriter(output_stream);
if (output_stream != null && icon_writer != null)
{
icon_writer.Write((byte)0);
icon_writer.Write((byte)0);
icon_writer.Write((short)1);
icon_writer.Write((short)1);
icon_writer.Write((byte)width);
icon_writer.Write((byte)height);
icon_writer.Write((byte)0);
icon_writer.Write((byte)0);
icon_writer.Write((short)0);
icon_writer.Write((short)32);
icon_writer.Write((int)mem_data.Length);
icon_writer.Write((int)(6 + 16));
icon_writer.Write(mem_data.ToArray());
icon_writer.Flush();
return true;
}
}
return false;
}
return false;
}
public static bool Convert(string input_image, string output_icon, int size, bool keep_aspect_ratio = false)
{
System.IO.FileStream input_stream = new System.IO.FileStream(input_image, System.IO.FileMode.Open);
System.IO.FileStream output_stream = new System.IO.FileStream(output_icon, System.IO.FileMode.OpenOrCreate);
bool result = Convert(input_stream, output_stream, size, keep_aspect_ratio);
input_stream.Close();
output_stream.Close();
return result;
}
}
'
Add-Type -TypeDefinition $code -ReferencedAssemblies System.Drawing, System.IO -ErrorAction SilentlyContinue
}
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\*" |
Select-Object -Property "(default)" -Unique |
Where-Object {$_."(default)" -ne $null} |
ForEach-Object {
$Icon = Get-Icon -Path $_."(default)".Trim('"') -ToBase64
}