COM




COM stands for Component Object Model; see Wikipedia for background.

In PowerShell, you can access the Registry through a ComObject.

Try running Get-ChildItem REGISTRY::HKEY_CLASSES_ROOT\CLSID -include PROGID -recurse | ForEach {$_.GetValue("")}. It prints the ProgID registered under each CLSID key.

PS C:\WINDOWS\system32> Get-ChildItem REGISTRY::HKEY_CLASSES_ROOT\CLSID -include PROGID -recurse | ForEach {$_.GetValue("")}
file
StaticMetafile
StaticDib
clsid
objref
ADODB.Command.6.0
ADODB.Parameter.6.0
ADODB.Connection.6.0
ADODB.Recordset.6.0
...(omitted)

This prints a lot of results, so let's show only the wscript entries by appending | Where-Object {$_ -match "wscript"}. wscript refers to Windows Script Host, the scripting environment used on Windows.

PS C:\WINDOWS\system32> Get-ChildItem REGISTRY::HKEY_CLASSES_ROOT\CLSID -include PROGID -recurse | ForEach {$_.GetValue("")} | Where-Object {$_ -match "wscript"}
WScript.Network.1
WScript.Shell.1
WScript.Shell.1
WScript.Network.1

Let's use WScript.Shell.1 from this list.

Enter $wscript = New-Object -ComObject Wscript.Shell.1, then enter $wscript | Get-Member.

PS C:\WINDOWS\system32> $wscript = New-Object -ComObject Wscript.Shell.1
PS C:\WINDOWS\system32> $wscript | Get-Member


   TypeName: System.__ComObject#{41904400-be18-11d3-a28b-00104bd35090}

Name                     MemberType            Definition
----                     ----------            ----------
AppActivate              Method                bool AppActivate (Variant, Variant)
CreateShortcut           Method                IDispatch CreateShortcut (string)
Exec                     Method                IWshExec Exec (string)
ExpandEnvironmentStrings Method                string ExpandEnvironmentStrings (string)
LogEvent                 Method                bool LogEvent (Variant, string, string)
Popup                    Method                int Popup (string, Variant, Variant, Variant)
RegDelete                Method                void RegDelete (string)
RegRead                  Method                Variant RegRead (string)
RegWrite                 Method                void RegWrite (string, Variant, Variant)
Run                      Method                int Run (string, Variant, Variant)
SendKeys                 Method                void SendKeys (string, Variant)
Environment              ParameterizedProperty IWshEnvironment Environment (Variant) {get}
CurrentDirectory         Property              string CurrentDirectory () {get} {set}
SpecialFolders           Property              IWshCollection SpecialFolders () {get}

The methods and properties available on the object are listed.

PS C:\WINDOWS\system32> $wscript.CurrentDirectory
C:\WINDOWS\system32
PS C:\WINDOWS\system32> $wscript.Exec("notepad.exe")


Status    : 0
StdIn     : System.__ComObject
StdOut    : System.__ComObject
StdErr    : System.__ComObject
ProcessID : 8056
ExitCode  : 0

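As shown, properties can be read and methods called directly on the object: Exec started notepad.exe and returned an object describing the new process.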
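The listing above prints only ProgID strings, which is why WScript.Shell.1 and WScript.Network.1 each appear twice without explanation. The following is an added example, not code from the original post: it maps each matching ProgID to its CLSID and to the binary that implements it, which is the inventory you need when auditing which COM classes can be instantiated on a host. The function name Get-ComClassInfo and its output property names are hypothetical.

```powershell
# Added example (not from the original post). Get-ComClassInfo is a hypothetical name.
# Lists every CLSID whose ProgID matches a pattern, with the server binary behind it.
function Get-ComClassInfo {
    param(
        [string]$Pattern = 'wscript'   # regex matched against the ProgID, as in the post
    )
    $root = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $clsidKey = $_
        $clsid    = $clsidKey.PSChildName

        # Read the default value of the ProgID subkey, if the class has one.
        $progIdKey = $clsidKey.OpenSubKey('ProgID')
        if ($null -eq $progIdKey) { return }      # 'return' skips to the next CLSID
        $progId = $progIdKey.GetValue('')
        $progIdKey.Close()
        if ($progId -notmatch $Pattern) { return }

        # HKEY_CLASSES_ROOT is a merged view of HKLM and HKCU Software\Classes.
        # Record whether this class also has a per-user registration.
        $perUser = Test-Path -LiteralPath `
            "Registry::HKEY_CURRENT_USER\Software\Classes\CLSID\$clsid"

        # InprocServer32 names a DLL loaded into the caller's process,
        # LocalServer32 names an executable started as a separate process.
        foreach ($serverType in 'InprocServer32', 'LocalServer32') {
            $serverKey = $clsidKey.OpenSubKey($serverType)
            if ($null -eq $serverKey) { continue }
            $server = $serverKey.GetValue('')
            $serverKey.Close()
            [pscustomobject]@{
                ProgID     = $progId
                CLSID      = $clsid
                ServerType = $serverType
                Server     = $server
                PerUser    = $perUser
            }
        }
    }
}

# Usage: one row per CLSID/server pair, so repeated ProgIDs can be told apart.
Get-ComClassInfo -Pattern 'wscript' |
    Sort-Object ProgID, CLSID |
    Format-Table -AutoSize
```

Rows where PerUser is True, or where Server points outside the Windows system directories, are the ones worth reviewing first.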




© 2017. by k3y6reak