First, run this:
set-content RegProgs.mof @'
#pragma namespace("\\\\.\\root\\cimv2")
instance of __Win32Provider as $Instprov
{
Name ="RegProv" ;
ClsID = "{fe9af5c0-d3b6-11ce-a5b6-00aa00680c3f}" ;
};
instance of __InstanceProviderRegistration
{
Provider =$InstProv;
SupportsPut =TRUE;
SupportsGet =TRUE;
SupportsDelete =FALSE;
SupportsEnumeration = TRUE;
};
[dynamic, provider("RegProv"),
ProviderClsid("{fe9af5c0-d3b6-11ce-a5b6-00aa00680c3f}"),ClassContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall")]
class win32reg_arp
{
[key]
string ProdID;
[PropertyContext("DisplayName")]
string DisplayName;
[PropertyContext("Publisher")]
string Publisher;
[PropertyContext("DisplayVersion")]
string Version;
};
'@
It will create a file named "RegProgs.mof". This file is used by mofcomp.exe, which "compiler parses a file containing MOF statements and adds the classes and class instances defined in the file to the WMI repository. The following code example shows how to run the MOF compiler on a file." (Source)
Run:
mofcomp.exe RegProgs.mof
This will compile and add it to the local WMI repository.
Then, from PowerShell, you can
Get-WmiObject win32reg_arp
The .mof needs to be installed on any machine which you wish to scan.
Update: I have a non-.mof version here.
No comments:
Post a Comment