PowerShell – grabbing values out of the registry and running them

June 12, 2012

So I closed an application that runs when Windows starts up, but it doesn’t have a Start Menu entry, and I was trying to find it.

Ok, I could’ve run regedit.exe, navigated through the tree and found the list of things that run when Windows starts up, but I thought I’d use PowerShell instead.

PowerShell presents the registry as if it’s a volume on a disk, and you can navigate around it using commands like cd and dir.

It wasn’t hard to find the folder I knew I was after – tab completion (starting the word and then hitting the Tab key) was a friend here. But unfortunately dir doesn’t list values, only subkeys (which look like folders).

PS C:\Windows\system32> dir HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PS C:\Windows\system32>

Instead, I needed to use Get-Item to fetch the ‘Run’ key, and use its Property property. This listed the values in there for me, as an array of strings (I could work this out using Get-Member).

PS C:\Windows\system32> (Get-Item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).Property
QuickSet
SynTPEnh
Zune Launcher
PS C:\Windows\system32>

Ok, so the thing I wanted wasn’t in there (an app called PureText, which lets me Paste As Text using Windows+V). That’s ok – a simple change to use HKCU instead of HKLM (Current User instead of Local Machine), and I found it.

Now to fetch the details of the application itself, using the RegistryKey method GetValue:

PS C:\Windows\system32> (Get-Item HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).GetValue('PureText')
'C:\Users\Rob\Utilities\PureText.exe'
PS C:\Windows\system32>

And finally, surrounding it in a bit of code to execute that command. That needs an ampersand and the Invoke-Expression cmdlet.

PS C:\Windows\system32> '& ' + (Get-Item HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).GetValue('PureText') | Invoke-Expression

A simple bit of exploring PowerShell which makes for a much easier way of finding and running those apps which start with Windows.
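Invoke-Expression parses the whole registry value as PowerShell, so whatever is stored in that value runs along with the program path. As an added example (not code from the original post), the function below lists every value in the two Run keys used above, resolves each to an executable path and reports its Authenticode status without executing anything; it goes beyond the post by covering all values rather than one. The function names Get-RunEntry and Get-ExecutablePath are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: review Run-key autostart entries without executing them.
function Get-ExecutablePath {
    param([string]$Command)
    $text = $Command.Trim()
    if ($text -match '^"([^"]+)"')          { return $Matches[1] }  # "C:\dir with spaces\app.exe" /args
    if ($text -match '^(.+?\.exe)(\s|$)')   { return $Matches[1] }  # C:\dir\app.exe /args
    return ($text -split '\s+')[0]                                  # fallback: first token
}

function Get-RunEntry {
    param(
        [string[]]$KeyPath = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        )
    )
    foreach ($path in $KeyPath) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }                 # key missing or not readable
        foreach ($name in $key.Property) {          # value names, as in the post
            $command = [string]$key.GetValue($name)
            $exe     = Get-ExecutablePath -Command $command
            $exists  = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
            # Only query the signature when the path resolves to a real file.
            $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status }
                   else         { 'NotResolved' }
            [pscustomobject]@{
                Key        = $path
                Name       = $name
                Command    = $command
                Executable = $exe
                Signature  = $sig
            }
        }
    }
}

Get-RunEntry | Format-Table -AutoSize -Wrap

# To launch one reviewed entry, pass the resolved path as data rather than
# building a command string for Invoke-Expression (arguments are dropped here):
# Get-RunEntry | Where-Object Name -eq 'PureText' |
#     ForEach-Object { Start-Process -FilePath $_.Executable }
```

Entries whose Signature column shows NotResolved or anything other than Valid, and entries pointing into user-writable folders, are the ones worth a closer look before running them.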

This Post Has 4 Comments

  1. Phil Carter

    Nice Rob.
    Also good to see someone else lives with PureText 🙂

  2. Robert Sterbal

    Autoruns is a nice app that can also be used

  3. Tyler Harnach

    Thanks Rob! This kind of registry manipulation with powershell is just what I was looking for!

  4. Rob Farley

    Hi Milla,
    It depends very much on what your definition of ‘quote’ is. You can certainly refer to my articles, but I would rather you didn’t just copy the whole thing word-for-word.
    Rob


LobsterPot Blogs

Blog posts by Rob Farley and other LobsterPot Solutions team members.