Friday, August 26, 2011

New-Object -ComObject Shell.Application

Here are some notes on exposing  the Shell as a ComObject with Powershell. Here, I trace down the cookies folder:


$a = New-Object -ComObject Shell.Application
$b=1..100
 foreach ($i in $b) {write "$i $($a | % {$_.Namespace($i).Self.Path})"}
....
32 C:\Users\rferrisx\AppData\Local\Microsoft\Windows\Temporary Internet Files
33 C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Cookies
34 C:\Users\rferrisx\AppData\Local\Microsoft\Windows\History
...
($a | % {ls -recurse $_.Namespace(33).Self.Path }).count
2385

($a | % {ls -recurse $_.Namespace(33).Self.Path | gc }) | more

__utma
173272373.1981518736.1312989611.1312989611.1312989656.2
google.com/mail/help/
1088
187792384
30315796
433027780
30168945
*
...

Powershell gives us some opportunities to look at Windows file structure internals. The output of these commands gives us the objects referenced by the file system for the Windows Shell:


$a = New-Object -ComObject Shell.Application


$b=0..60

foreach ($i in $b) {write "$i $($a | % {$_.Namespace($i).Title})"}
foreach ($i in $b) {write "$i $($a | % {$_.Namespace($i).Self.Path})"}

I can line them up in  spreadsheet (as below). Some are file paths give as GUIDs (or CLSIDs?). Others are blank:

0 Desktop C:\Users\rferrisx\Desktop
1 The Internet ::{871C5380-42A0-1069-A2EA-08002B30309D}
2 Programs C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
3 All Control Panel Items ::{26EE0668-A00A-44D7-9371-BEB064C98683}\0
4 Printers ::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{2227A280-3AEA-1069-A2DE-08002B30309D}
5 My Documents C:\Users\rferrisx\Documents
6 Favorites C:\Users\rferrisx\Favorites
7 Startup C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
8 Recent Items C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Recent
9 SendTo C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\SendTo
10 Recycle Bin ::{645FF040-5081-101B-9F08-00AA002F954E}
11 Start Menu C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Start Menu
12 12
13 My Music C:\Users\rferrisx\Music
14 My Videos C:\Users\rferrisx\Videos
15 15
16 Desktop C:\Users\rferrisx\Desktop
17 Computer ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
18 Network ::{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
19 Network Shortcuts C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Network Shortcuts
20 Fonts C:\Windows\Fonts
21 Templates C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Templates
22 Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
23 Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
24 Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
25 Public Desktop C:\Users\Public\Desktop
26 Roaming C:\Users\rferrisx\AppData\Roaming
27 Printer Shortcuts C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
28 Local C:\Users\rferrisx\AppData\Local
29 Startup C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
30 Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
31 Favorites C:\Users\rferrisx\Favorites
32 Temporary Internet Files C:\Users\rferrisx\AppData\Local\Microsoft\Windows\Temporary Internet Files
33 Cookies C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Cookies
34 History C:\Users\rferrisx\AppData\Local\Microsoft\Windows\History
35 ProgramData C:\ProgramData
36 Windows C:\Windows
37 System32 C:\Windows\System32
38 Program Files C:\Program Files
39 My Pictures C:\Users\rferrisx\Pictures
40 rferrisx C:\Users\rferrisx
41 SysWOW64 C:\Windows\SysWOW64
42 Program Files (x86) C:\Program Files (x86)
43 Common Files C:\Program Files\Common Files
44 Common Files C:\Program Files (x86)\Common Files
45 Templates C:\ProgramData\Microsoft\Windows\Templates
46 Public Documents C:\Users\Public\Documents
47 Administrative Tools C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
48 Administrative Tools C:\Users\rferrisx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
49 Network Connections ::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
50 50
51 51
52 52
53 Public Music C:\Users\Public\Music
54 Public Pictures C:\Users\Public\Pictures
55 Public Videos C:\Users\Public\Videos
56 Resources C:\Windows\Resources
57 409 C:\Windows\Resources\0409
58 OEM Links C:\ProgramData\OEM Links
59 Temporary Burn Folder C:\Users\rferrisx\AppData\Local\Microsoft\Windows\Burn\Burn

What are those GUID (or CLSID) paths? The 49th appears to be the non-browsable folder:
"All Control Panel Items"\"Network Connections"

$a | % {$_.Namespace(49).ParentFolder.Self.GetFolder.Self}

Application  : System.__ComObject
Parent       : System.__ComObject
Name         : All Control Panel Items
Path         : ::{21EC2020-3AEA-1069-A2DD-08002B30309D}
GetLink      :
GetFolder    : System.__ComObject
IsLink       : False
IsFolder     : True
IsFileSystem : False
IsBrowsable  : False
ModifyDate   : 12/30/1899 12:00:00 AM
Size         : 0
Type         : System Folder

$a | % {$_.Namespace(49).ParentFolder.Self.GetFolder.Self.Name}
All Control Panel Items

$a | % {$_.Namespace(49).Self.GetFolder.Self}

Application  : System.__ComObject
Parent       : System.__ComObject
Name         : Network Connections
Path         : ::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
GetLink      :
GetFolder    : System.__ComObject
IsLink       : False
IsFolder     : True
IsFileSystem : False
IsBrowsable  : False
ModifyDate   : 12/30/1899 12:00:00 AM
Size         : 0
Type         : System Folder

$a | % {$_.Namespace(49).Self.GetFolder.Self.Name}
Network Connections

No comments:

Post a Comment