Linking help to public functions πŸ±β€πŸ
Pedantically cleaning up formatting 🐱‍💻 ☕
Ben Reader committed Jul 29, 2020
1 parent 237e2e2 commit 0133847
Showing 9 changed files with 149 additions and 129 deletions.
4 changes: 2 additions & 2 deletions FU.WhyAmIBlocked/Private/Iterate-XMLTree.ps1
@@ -1,11 +1,11 @@
Function IterateXMLTree{
[cmdletbinding()]
Param (
Param (
$node,
[System.Collections.ArrayList]$Output
)
Try {
$obj = $node | Where-Object {$_.Name -ne '#text' -and !([string]::IsNullOrEmpty($_.'#text'))} | Select Name, @{N='Value';E={$_.'#text'}}, ParentNode
$obj = $node | Where-Object {$_.Name -ne '#text' -and !([string]::IsNullOrEmpty($_.'#text'))} | Select-Object Name, @{N='Value';E={$_.'#text'}}, ParentNode
If($obj) {
$Object = [PSCustomObject]@{
Name = $obj.Name
46 changes: 24 additions & 22 deletions FU.WhyAmIBlocked/Public/ConvertFrom-BinToXML.ps1
@@ -1,12 +1,14 @@
<#
.EXTERNALHELP FU.WhyAmIBlocked-help.xml
#>
#Copy .BIN files to the share for processing...

Function ConvertFrom-BinToXML {
[cmdletbinding()]
Param(
[parameter(Position = 1, Mandatory = $true)]
[string[]]
$FileList,

[parameter(Position = 2, Mandatory = $true)]
[string]
$OutputPath
Expand All @@ -18,25 +20,25 @@ Function ConvertFrom-BinToXML {
Write-Host " + Converting $($File) to .xml .. " -ForegroundColor Cyan -NoNewline
$XMLOutputFile = "$($OutputPath)\$($InputFile.Name)_HUMANREADABLE.XML"
$RunList = "$($OutputPath)\Appraiser_TelemetryRunList_$($InputFile.BaseName).xml"
$XML = @(
'<?xml version="1.0" encoding="UTF-8"?>',
'<WicaRun>',
' <RunInfos>',
' <RunInfo> ',
' <Component TypeIdentifier="InventoryBinaryDeserializer" SpecificIdentifier="InventoryBinaryDeserializer" Type="Inventory">',
' <Property Name="BinaryDeserializerTier" Value="Inventory" />',
' <Property Name="BinaryDeserializerTier" Value="DataSource" />',
' <Property Name="BinaryDeserializerTier" Value="DecisionMaker" />',
' <Property Name="BinaryDeserializerTier" Value="DecisionAggregator" />',
" <Property Name=`"BinaryDeserializerFilePath`" Value=`"$InputFile`" />",
' </Component>',
' <Component TypeIdentifier="OutputEverything" SpecificIdentifier="OutputEverything" Type="Outputter">',
" <Property Name=`"OutputFilePath`" Value=`"$XMLOutputFile`" />",
' </Component>',
' </RunInfo>',
' </RunInfos>',
'</WicaRun>' )
$XML = @(
'<?xml version="1.0" encoding="UTF-8"?>',
'<WicaRun>',
' <RunInfos>',
' <RunInfo> ',
' <Component TypeIdentifier="InventoryBinaryDeserializer" SpecificIdentifier="InventoryBinaryDeserializer" Type="Inventory">',
' <Property Name="BinaryDeserializerTier" Value="Inventory" />',
' <Property Name="BinaryDeserializerTier" Value="DataSource" />',
' <Property Name="BinaryDeserializerTier" Value="DecisionMaker" />',
' <Property Name="BinaryDeserializerTier" Value="DecisionAggregator" />',
" <Property Name=`"BinaryDeserializerFilePath`" Value=`"$InputFile`" />",
' </Component>',
' <Component TypeIdentifier="OutputEverything" SpecificIdentifier="OutputEverything" Type="Outputter">',
" <Property Name=`"OutputFilePath`" Value=`"$XMLOutputFile`" />",
' </Component>',
' </RunInfo>',
' </RunInfos>',
'</WicaRun>' )

$XML | Out-File -FilePath $RunList -Encoding utf8
$RunListXML = Get-Item -Path $RunList -ErrorAction SilentlyContinue
Set-Location -Path $OutputPath
Expand All @@ -48,4 +50,4 @@ Function ConvertFrom-BinToXML {
Catch {
Write-Warning $_
}
}
}
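Review bot: The run-list XML is assembled by plain string interpolation, so the `$InputFile` and `$XMLOutputFile` values placed into the `BinaryDeserializerFilePath` and `OutputFilePath` attributes are never XML-escaped; a path containing `&` (legal on Windows) produces a malformed run list and the conversion then fails with only a `Write-Warning`. Escape before interpolating, e.g. `$InPath = [System.Security.SecurityElement]::Escape($InputFile.FullName)` and `$OutPath = [System.Security.SecurityElement]::Escape($XMLOutputFile)`, and reference those in the two attribute lines; using `.FullName` explicitly also avoids depending on how FileInfo stringifies in `"$InputFile"`. Separately, `Set-Location -Path $OutputPath` changes the caller's working directory for the rest of the session, which `Push-Location`/`Pop-Location` (in a `Finally`) would contain. The loop that defines `$InputFile` and `$File` sits between the two hunks and is not visible here.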
21 changes: 12 additions & 9 deletions FU.WhyAmIBlocked/Public/Export-BypassBlock.ps1
@@ -1,3 +1,6 @@
<#
.EXTERNALHELP FU.WhyAmIBlocked-help.xml
#>
Function Export-BypassBlock {
[cmdletbinding()]
Param (
Expand All @@ -18,17 +21,17 @@ Function Export-BypassBlock {

If(Test-Path $JsonFile) {
$obj = Get-Content -Path $JsonFile -Raw | ConvertFrom-Json

ForEach($Item in $obj.PSObject.Properties) {
$BlockName = $item.Value | Where-Object {$_.Name -eq "APP_NAME"} | Select -ExpandProperty Value
$BlockName = $item.Value | Where-Object {$_.Name -eq "APP_NAME"} | Select-Object -ExpandProperty Value
$BlockGUID = $item.Name
$RegKeys = $item.Value | Where-Object {$_.ParentNode -eq "MATCHING_REG"}
If($RegKeys) {
$NAME = $RegKeys | Where-Object {$_.Name -eq "NAME"} | Select -ExpandProperty Value
$REG_VALUE_NAME = $RegKeys | Where-Object {$_.Name -eq "REG_VALUE_NAME"} | Select -ExpandProperty Value
$NAME = $RegKeys | Where-Object {$_.Name -eq "NAME"} | Select-Object -ExpandProperty Value
$REG_VALUE_NAME = $RegKeys | Where-Object {$_.Name -eq "REG_VALUE_NAME"} | Select-Object -ExpandProperty Value
#$REG_VALUE_TYPE = $RegKeys | Where-Object {$_.Name -eq "REG_VALUE_TYPE"} | Select -ExpandProperty Value
$REG_VALUE_DATA_DWORD = $RegKeys | Where-Object {$_.Name -eq "REG_VALUE_DATA_DWORD"} | Select -ExpandProperty Value
$REG_VALUE_DATA_DWORD = $RegKeys | Where-Object {$_.Name -eq "REG_VALUE_DATA_DWORD"} | Select-Object -ExpandProperty Value

$OutRegFile = Join-Path -Path $WorkingPath -ChildPath "BypassFUBlock.reg"
$OutPS1File = Join-Path -Path $WorkingPath -ChildPath "BypassFUBlock.ps1"

Expand All @@ -38,17 +41,17 @@ Function Export-BypassBlock {
"`n; Bypass Block for $($BlockName) - $($BlockGUID)" | Out-File -FilePath $OutRegFile -Append
"[HKEY_LOCAL_MACHINE\$($NAME)]" | Out-File -FilePath $OutRegFile -Append
"`"$($REG_VALUE_NAME)`"=dword:00000001" | Out-File -FilePath $OutRegFile -Append

If(!(Test-Path $OutPS1File)) {
"New-Item -Path `"HKLM:\$($NAME)`" -Force | Out-Null" | Out-File -FilePath $OutPS1File -Append
}
"`n#Bypass Block for $($BlockName) - $($BlockGUID)" | Out-File -FilePath $OutPS1File -Append
"New-ItemProperty -Path `"HKLM:\$($NAME)`" -Name `"$($REG_VALUE_NAME)`" -Value `"$($REG_VALUE_DATA_DWORD)`" -PropertyType DWord -Force | Out-Null" | Out-File -FilePath $OutPS1File -Append

}
}
}

Write-Host $Script:tick -ForegroundColor green
}
Catch {
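Review bot: The generated `BypassFUBlock.ps1` is built by interpolating `$NAME` and `$REG_VALUE_NAME` (read from the JSON) into double-quoted PowerShell source, so a value containing `"` or `$(...)` would alter or inject code into a script the user presumably runs elevated; the `.reg` output has the same exposure to an embedded `"`. The JSON comes from the parsed appraiser database, so this is more a robustness gap than a likely attack path, but emitting single-quoted literals with the quote doubled, e.g. `"New-Item -Path 'HKLM:\$($NAME -replace "'", "''")' -Force | Out-Null"`, closes it at almost no cost. Note also that the `.reg` file hard-codes `dword:00000001` while the `.ps1` writes `$REG_VALUE_DATA_DWORD`, so the two artifacts can disagree for the same block; one source of truth would be clearer. The function's parameter block and the start of its `Try` are outside the visible hunk.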
11 changes: 7 additions & 4 deletions FU.WhyAmIBlocked/Public/Extract-XMLFromSDB.ps1
@@ -1,3 +1,6 @@
<#
.EXTERNALHELP FU.WhyAmIBlocked-help.xml
#>
Function Extract-XMLFromSDB {
[cmdletbinding()]
Param (
Expand All @@ -8,7 +11,7 @@ Function Extract-XMLFromSDB {
[parameter(Position = 2, Mandatory = $false)]
[string]
$SDBFileInput,

[parameter(Position = 3, Mandatory = $false)]
[string]
$SDBCab = $script:Config.SDBCab,
Expand Down Expand Up @@ -57,7 +60,7 @@ Function Extract-XMLFromSDB {
}
Else {
Write-Host $Script:tick -ForegroundColor green
}
}
}

Write-Host " + Finding .sdb files.. " -ForegroundColor Cyan -NoNewline
Expand Down Expand Up @@ -100,7 +103,7 @@ Function Extract-XMLFromSDB {
[parameter(Position = 2, Mandatory = $false)]
[string]
$SDBFileInput,

[parameter(Position = 3, Mandatory = $false)]
[string]
$SDBCab = $script:Config.SDBCab,
Expand Down Expand Up @@ -149,7 +152,7 @@ Function Extract-XMLFromSDB {
}
Else {
Write-Host $Script:tick -ForegroundColor green
}
}
}

Write-Host " + Finding .sdb files.. " -ForegroundColor Cyan -NoNewline
31 changes: 17 additions & 14 deletions FU.WhyAmIBlocked/Public/Find-BlocksInSDB.ps1
@@ -1,21 +1,24 @@
<#
.EXTERNALHELP FU.WhyAmIBlocked-help.xml
#>
Function Find-BlocksInSDB {
[cmdletbinding()]
Param(

[parameter(Position = 1, Mandatory = $false)]
[string]
$Path = $script:Config.Path,

[parameter(Position = 2, Mandatory = $false)]
[string[]]
$BlockList = $Script:BlockList
)

Try {

Write-Host " + Finding block entries in Appraiser database.. " -ForegroundColor Cyan -NoNewline
If($BlockList) {

$WorkingPath = $Path
$Files = Get-Item -Path "$($WorkingPath)\*.sdb.XML"
$AllMatches = @{}
Expand All @@ -33,10 +36,10 @@ Function Find-BlocksInSDB {
}
}
}

ForEach ($Key in $Blocks.Keys) {
$RelatedBlocks = @{}
$LookupValues = ($Blocks[$Key] | Where-Object {$_.Name -eq 'COMMAND_LINE' -and !([String]::IsNullOrEmpty($_.Value))}) | Where Name -eq 'COMMAND_LINE'
$LookupValues = ($Blocks[$Key] | Where-Object {$_.Name -eq 'COMMAND_LINE' -and !([String]::IsNullOrEmpty($_.Value))}) | Where-Object Name -eq 'COMMAND_LINE'
If($LookupValues) {
$RelatedMatch = $SDBContent.SDB.Database.MATCHING_INFO_BLOCK | Where-Object {[Regex]::Escape($LookupValues.Value) -like [Regex]::Escape(($_.PICK_ONE.MATCH_PLUGIN.COMMAND_LINE.'#text'))} | Where-Object {$_.EXE_ID.'#text' -ne $key}
ForEach($Item in $RelatedMatch) {
Expand All @@ -48,30 +51,30 @@ Function Find-BlocksInSDB {
}
}
}

"Matches for $($Key)" | Out-File $WorkingPath\Matches.txt -Append
"========================" | Out-File $WorkingPath\Matches.txt -Append
$Blocks[$Key] | Format-Table | Out-File $WorkingPath\Matches.txt -Append
"========================" | Out-File $WorkingPath\Matches.txt -Append
"Related Matches for $($Key)" | Out-File $WorkingPath\Matches.txt -Append
"========================" | Out-File $WorkingPath\Matches.txt -Append
$RelatedBlocks[$Key] | Out-File $WorkingPath\Matches.txt -Append
"========================" | Out-File $WorkingPath\Matches.txt -Append
"========================" | Out-File $WorkingPath\Matches.txt -Append
"" | Out-File $WorkingPath\Matches.txt -Append

}

$AllMatches | ConvertTo-Json | Out-File -FilePath $WorkingPath\AllMatches.json -Append

Write-Host $Script:tick -ForegroundColor green
}
Else {
Write-Warning "No Blocklist found."
}
}

Catch {
Write-Warning $_
}

}
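Review bot: `$AllMatches | ConvertTo-Json | Out-File -FilePath $WorkingPath\AllMatches.json -Append` appends a second JSON document to any existing `AllMatches.json`, leaving a file that is no longer valid JSON and will break `ConvertFrom-Json` in whatever consumes it; `Matches.txt` tolerates appends, the JSON file does not. Drop `-Append` on that line (or remove the file first), and consider passing `-Depth`, since `ConvertTo-Json`'s default depth of 2 may flatten the nested match objects — whether it does depends on how `$AllMatches` is populated above this hunk. On the `$RelatedMatch` line, `[Regex]::Escape` on both sides of `-like` mixes regex escaping with wildcard matching: `-like` ignores backslash escapes, so the comparison is effectively `-eq` with false positives whenever the stored command line contains `*` or `?`; `-eq` (exact) or `-match` with the escaped pattern expresses the intent. The code that fills `$Blocks` and `$AllMatches` is outside the visible hunk.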
25 changes: 14 additions & 11 deletions FU.WhyAmIBlocked/Public/Get-Blocks.ps1
@@ -1,3 +1,6 @@
<#
.EXTERNALHELP FU.WhyAmIBlocked-help.xml
#>
Function Get-Blocks {
[cmdletbinding(DefaultParameterSetName="Local")]
Param(
Expand All @@ -20,7 +23,7 @@ Function Get-Blocks {
[parameter(Position = 2, Mandatory = $true, ParameterSetName='Alt')]
[string]
$AlternateSourcePath,

[parameter(Position = 3, Mandatory = $false)]
[string]
$Path = $script:config.Path,
Expand All @@ -32,13 +35,13 @@ Function Get-Blocks {
[parameter(Position = 6, Mandatory = $false)]
[switch]
$SkipSDBInfo

)

Try {

Write-Host " + Creating Output Folders $($OutputPath).. " -ForegroundColor Cyan -NoNewline


If($Local.IsPresent -or (!($DeviceName)) -and (!($AlternateSourcePath))) {
$DeviceName = $env:computername
Expand All @@ -51,21 +54,21 @@ Function Get-Blocks {
$DeviceName = "NoDeviceName"
$OutputPath = "$($Path)\Output"
}

New-Item -Path $OutputPath -ItemType Directory -Force -ErrorAction SilentlyContinue | Out-Null
Remove-Item -Path $OutputPath\* -Recurse -ErrorAction SilentlyContinue | Out-Null

$ResultFile = "$($OutputPath)\Results.txt"
New-Item -Path $ResultFile -ItemType "File" -Force | Out-Null
Add-Content -Path $ResultFile -Value "$($DeviceName) - $(Get-Date)"

$AppraiserPath = Join-Path -Path $OutputPath -ChildPath "Appraiser"
New-Item -Path $AppraiserPath -ItemType Directory -Force | Out-Null
Write-Host $script:tick -ForegroundColor Green

If(!($AlternateSourcePath)) {
If($DeviceName -eq $env:computername) {
$RootPath = "c:"
$RootPath = "c:"
}
Else {
$RootPath = "\\$($DeviceName)\c`$"
Expand Down Expand Up @@ -94,12 +97,12 @@ Function Get-Blocks {
}

If($ProcessPantherLogs.IsPresent) {
Copy-Item (Join-Path -Path $WindowsBTPath -ChildPath "Sources\Panther\*APPRAISER_HumanReadable.xml") $OutputPath -ErrorAction SilentlyContinue
Copy-Item (Join-Path -Path $WindowsBTPath -ChildPath "Sources\Panther\*APPRAISER_HumanReadable.xml") $OutputPath -ErrorAction SilentlyContinue
}

$HumanReadableXMLFiles = (Get-Item -Path "*Humanreadable.xml" -ErrorAction SilentlyContinue).FullName
$Script:BlockList = Get-BlocksFromBin -FileList $HumanReadableXMLFiles -ResultFile $ResultFile -Output (New-Object -TypeName System.Collections.ArrayList )

#Needs to work with remote devices too...
If($DeviceName -eq $env:computername) {
Add-Content -Path $ResultFile -Value "AppCompat Registry Flags"
Expand All @@ -108,7 +111,7 @@ Function Get-Blocks {
Add-Content -Path $ResultFile -Value (Get-Item 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser\SEC')
Add-Content -Path $ResultFile -Value (Get-Item 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser\GWX')
}

If($ProcessPantherLogs.IsPresent) {
Copy-Item -Path (Join-Path -Path $WindowsBTPath -ChildPath "Sources\Panther\appraiser.sdb") -Destination (Join-Path -Path $AppraiserPath -ChildPath "BT-Panther-sdb.sdb") -ErrorAction SilentlyContinue
Copy-Item -Path (Join-Path -Path $WindowsBTPath -ChildPath "Sources\appraiser.sdb") -Destination (Join-Path -Path $AppraiserPath -ChildPath "BT-sdb.sdb") -ErrorAction SilentlyContinue
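Review bot: `Remove-Item -Path $OutputPath\* -Recurse` wipes whatever `$OutputPath` resolves to, and `$OutputPath` is derived from the caller-supplied `-Path` (default `$script:config.Path`) with no check that it is set; with an empty `$Path` the branch shown yields `\Output`, a root-relative path on the current drive. A guard at the top of the `Try`, `if ([string]::IsNullOrWhiteSpace($Path)) { throw 'Path must be set' }`, would make the wildcard delete safe. `Get-Item -Path "*Humanreadable.xml"` resolves against the current location rather than `$OutputPath`, so it appears to rely on a `Set-Location` done elsewhere (not in this hunk); `Get-Item -Path (Join-Path -Path $OutputPath -ChildPath '*Humanreadable.xml')` removes that coupling. The `Add-Content ... (Get-Item 'HKLM:\...AppCompatFlags\Appraiser\...')` lines appear to write the key object's string form (its path) rather than the flag values under it — if the values are wanted, `Get-ItemProperty` is needed; worth confirming against the intended report. Part of the parameter block and the code between the hunks are outside the visible section.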