PowerShell

Within the last two years or so I have started to use more and more PowerShell scripting at work and for my private administration tasks on Windows.

The thing I find coolest about PowerShell is that you can tap into the .NET Framework and do weirdly satisfying stuff like this:

<#
Reading actual Windows version from KUSER_SHARED_DATA
xref: http://terminus.rewolf.pl/terminus/structures/ntdll/_KUSER_SHARED_DATA_combined.html
xref: https://msrc-blog.microsoft.com/2022/04/05/randomizing-the-kuser_shared_data-structure-on-windows/
#>
$WinVerMaj = [System.Runtime.InteropServices.Marshal]::ReadInt321, 0x026c)
$WinVerMin = [System.Runtime.InteropServices.Marshal]::ReadInt322, 0x0270)
$WinVerBld = [System.Runtime.InteropServices.Marshal]::ReadInt323, 0x0260)
Write-Output "Windows: $WinVerMaj.$WinVerMin.$WinVerBld"

I’ve done this from C/C++ before, and I’ve even had some encounters with System.Runtime.InteropServices during my first serious C# project, but this is just beautiful. As you may or may not know Windows can lie to you about the Windows version depending on the manifest and its contents or its absence. By consulting the respective fields of KUSER_SHARED_DATA we can simply read the actual version whenever needed … and now even from PowerShell.

Perhaps those more seasoned in the use of PowerShell know even more elegant ways to express the same, but to me the above is already quite satisfying.

// Oliver

  1. New-Object IntPtr(0x7ffe0000 []
  2. New-Object IntPtr(0x7ffe0000 []
  3. New-Object IntPtr(0x7ffe0000 []
This entry was posted in Administration, EN, Programming and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *