mirror of
https://github.com/Raphire/Win11Debloat.git
synced 2026-05-18 19:56:25 +00:00
246 lines
9.0 KiB
PowerShell
246 lines
9.0 KiB
PowerShell
function Convert-RegOperationToValueKind {
|
|
param(
|
|
[Parameter(Mandatory)]
|
|
$Operation
|
|
)
|
|
|
|
$valueName = if ([string]::IsNullOrEmpty([string]$Operation.ValueName)) { '' } else { [string]$Operation.ValueName }
|
|
$valueType = [string]$Operation.ValueType
|
|
|
|
switch ($valueType) {
|
|
'DWord' {
|
|
$unsigned = [uint32]$Operation.ValueData
|
|
$value = [BitConverter]::ToInt32([BitConverter]::GetBytes($unsigned), 0)
|
|
return @{ Name = $valueName; Kind = [Microsoft.Win32.RegistryValueKind]::DWord; Value = $value }
|
|
}
|
|
'QWord' {
|
|
$unsigned = [uint64]$Operation.ValueData
|
|
$value = [BitConverter]::ToInt64([BitConverter]::GetBytes($unsigned), 0)
|
|
return @{ Name = $valueName; Kind = [Microsoft.Win32.RegistryValueKind]::QWord; Value = $value }
|
|
}
|
|
'String' {
|
|
return @{ Name = $valueName; Kind = [Microsoft.Win32.RegistryValueKind]::String; Value = [string]$Operation.ValueData }
|
|
}
|
|
'Binary' {
|
|
return @{ Name = $valueName; Kind = [Microsoft.Win32.RegistryValueKind]::Binary; Value = [byte[]]$Operation.ValueData }
|
|
}
|
|
'Hex0' {
|
|
return @{ Name = $valueName; Kind = [Microsoft.Win32.RegistryValueKind]::None; Value = [byte[]]$Operation.ValueData }
|
|
}
|
|
'Hex3' {
|
|
return @{ Name = $valueName; Kind = [Microsoft.Win32.RegistryValueKind]::Binary; Value = [byte[]]$Operation.ValueData }
|
|
}
|
|
'HexB' {
|
|
$qwordBytes = [byte[]]$Operation.ValueData
|
|
if ($qwordBytes.Count -gt 8) {
|
|
throw "Unsupported hex value type '$valueType' with invalid byte count '$($qwordBytes.Count)' while applying reg operation for '$($Operation.KeyPath)'."
|
|
}
|
|
|
|
if ($qwordBytes.Count -lt 8) {
|
|
$paddedBytes = New-Object byte[] 8
|
|
[Array]::Copy($qwordBytes, $paddedBytes, $qwordBytes.Count)
|
|
$qwordBytes = $paddedBytes
|
|
}
|
|
|
|
$unsigned = [BitConverter]::ToUInt64($qwordBytes, 0)
|
|
$signed = [BitConverter]::ToInt64([BitConverter]::GetBytes($unsigned), 0)
|
|
return @{ Name = $valueName; Kind = [Microsoft.Win32.RegistryValueKind]::QWord; Value = $signed }
|
|
}
|
|
default {
|
|
if ($valueType -like 'Hex*') {
|
|
throw "Unsupported hex value type '$valueType' while applying reg operation for '$($Operation.KeyPath)'."
|
|
}
|
|
|
|
throw "Unsupported value type '$valueType' while applying reg operation for '$($Operation.KeyPath)'"
|
|
}
|
|
}
|
|
}
|
|
|
|
function Remove-RegistrySubKeyTreeIfExists {
|
|
param(
|
|
[Parameter(Mandatory)]
|
|
[Microsoft.Win32.RegistryKey]$RootKey,
|
|
[Parameter(Mandatory)]
|
|
[string]$SubKeyPath
|
|
)
|
|
|
|
$existingKey = $RootKey.OpenSubKey($SubKeyPath, $true)
|
|
if ($null -eq $existingKey) {
|
|
return
|
|
}
|
|
|
|
$existingKey.Close()
|
|
|
|
try {
|
|
$RootKey.DeleteSubKeyTree($SubKeyPath, $false)
|
|
}
|
|
catch [System.UnauthorizedAccessException], [System.Security.SecurityException] {
|
|
throw
|
|
}
|
|
catch {
|
|
# Best-effort cleanup only; missing keys are fine.
|
|
}
|
|
}
|
|
|
|
function Get-RegistryKeyForOperation {
|
|
param(
|
|
[Parameter(Mandatory)]
|
|
[string]$RegistryPath,
|
|
[switch]$CreateIfMissing
|
|
)
|
|
|
|
$parts = Split-RegistryPath -path $RegistryPath
|
|
if (-not $parts) {
|
|
throw "Unsupported registry path: $RegistryPath"
|
|
}
|
|
|
|
$rootKey = Get-RegistryRootKey -hiveName $parts.Hive
|
|
if (-not $rootKey) {
|
|
throw "Unsupported registry hive '$($parts.Hive)' in path '$RegistryPath'"
|
|
}
|
|
|
|
$subKeyPath = $parts.SubKey
|
|
if ([string]::IsNullOrWhiteSpace($subKeyPath)) {
|
|
return [PSCustomObject]@{ RootKey = $rootKey; SubKeyPath = $null; Key = $rootKey }
|
|
}
|
|
|
|
$key = if ($CreateIfMissing) {
|
|
$rootKey.CreateSubKey($subKeyPath)
|
|
}
|
|
else {
|
|
$rootKey.OpenSubKey($subKeyPath, $true)
|
|
}
|
|
|
|
return [PSCustomObject]@{ RootKey = $rootKey; SubKeyPath = $subKeyPath; Key = $key }
|
|
}
|
|
|
|
function Invoke-RegistryOperationsFromRegFile {
|
|
param(
|
|
[Parameter(Mandatory)]
|
|
[string]$RegFilePath
|
|
)
|
|
|
|
$accessDeniedFailures = New-Object 'System.Collections.Generic.List[object]'
|
|
|
|
foreach ($operation in @(Get-RegFileOperations -regFilePath $RegFilePath)) {
|
|
try {
|
|
$keyInfo = Get-RegistryKeyForOperation -RegistryPath $operation.KeyPath -CreateIfMissing:($operation.OperationType -eq 'SetValue')
|
|
|
|
switch ($operation.OperationType) {
|
|
'DeleteKey' {
|
|
if ($null -ne $keyInfo.Key) {
|
|
try {
|
|
if ($null -ne $keyInfo.SubKeyPath) {
|
|
Remove-RegistrySubKeyTreeIfExists -RootKey $keyInfo.RootKey -SubKeyPath $keyInfo.SubKeyPath
|
|
}
|
|
}
|
|
finally {
|
|
$keyInfo.Key.Close()
|
|
}
|
|
}
|
|
}
|
|
'DeleteValue' {
|
|
if ($null -ne $keyInfo.Key) {
|
|
try {
|
|
$valueName = if ([string]::IsNullOrEmpty([string]$operation.ValueName)) { '' } else { [string]$operation.ValueName }
|
|
$keyInfo.Key.DeleteValue($valueName, $false)
|
|
}
|
|
finally {
|
|
$keyInfo.Key.Close()
|
|
}
|
|
}
|
|
}
|
|
'SetValue' {
|
|
if ($null -eq $keyInfo.Key) {
|
|
throw "Unable to open or create registry key '$($operation.KeyPath)'"
|
|
}
|
|
|
|
try {
|
|
$setArgs = Convert-RegOperationToValueKind -Operation $operation
|
|
$keyInfo.Key.SetValue($setArgs.Name, $setArgs.Value, $setArgs.Kind)
|
|
}
|
|
finally {
|
|
$keyInfo.Key.Close()
|
|
}
|
|
}
|
|
default {
|
|
throw "Unsupported reg operation type '$($operation.OperationType)' in '$RegFilePath'"
|
|
}
|
|
}
|
|
}
|
|
catch [System.UnauthorizedAccessException], [System.Security.SecurityException] {
|
|
$valueDisplay = if ($operation.OperationType -eq 'SetValue' -or $operation.OperationType -eq 'DeleteValue') {
|
|
if ([string]::IsNullOrEmpty([string]$operation.ValueName)) { '(Default)' } else { [string]$operation.ValueName }
|
|
}
|
|
else {
|
|
''
|
|
}
|
|
|
|
$failure = [PSCustomObject]@{
|
|
OperationType = [string]$operation.OperationType
|
|
KeyPath = [string]$operation.KeyPath
|
|
ValueName = $valueDisplay
|
|
Error = $_.Exception.Message
|
|
}
|
|
$accessDeniedFailures.Add($failure)
|
|
|
|
if ([string]::IsNullOrEmpty($valueDisplay)) {
|
|
Write-Warning ("Skipping operation '{0}' on key '{1}' due to access restrictions: {2}" -f $failure.OperationType, $failure.KeyPath, $failure.Error)
|
|
}
|
|
else {
|
|
Write-Warning ("Skipping operation '{0}' on key '{1}' value '{2}' due to access restrictions: {3}" -f $failure.OperationType, $failure.KeyPath, $failure.ValueName, $failure.Error)
|
|
}
|
|
|
|
continue
|
|
}
|
|
}
|
|
|
|
if ($accessDeniedFailures.Count -gt 0) {
|
|
Write-Warning ("Registry fallback import completed with $($accessDeniedFailures.Count) access-restricted operation(s) skipped in '$RegFilePath'.")
|
|
}
|
|
}
|
|
|
|
function Invoke-RegistryImportViaPowerShell {
|
|
param(
|
|
[Parameter(Mandatory)]
|
|
[string]$RegFilePath,
|
|
[switch]$UseOfflineHive,
|
|
[string]$OfflineHiveDatPath
|
|
)
|
|
|
|
$applyScript = {
|
|
param($targetRegFilePath)
|
|
Invoke-RegistryOperationsFromRegFile -RegFilePath $targetRegFilePath
|
|
}
|
|
|
|
if ($UseOfflineHive) {
|
|
if (Get-Command -Name Invoke-WithLoadedBackupHive -ErrorAction SilentlyContinue) {
|
|
return Invoke-WithLoadedBackupHive -ScriptBlock $applyScript -ArgumentObject $RegFilePath
|
|
}
|
|
|
|
if ([string]::IsNullOrWhiteSpace($OfflineHiveDatPath)) {
|
|
throw "Offline hive path was not provided for fallback import of '$RegFilePath'"
|
|
}
|
|
|
|
$global:LASTEXITCODE = 0
|
|
reg load "HKU\Default" $OfflineHiveDatPath | Out-Null
|
|
$loadExitCode = $LASTEXITCODE
|
|
if ($loadExitCode -ne 0) {
|
|
throw "Failed to load user hive at '$OfflineHiveDatPath' for fallback import (exit code: $loadExitCode)"
|
|
}
|
|
|
|
try {
|
|
return & $applyScript $RegFilePath
|
|
}
|
|
finally {
|
|
$global:LASTEXITCODE = 0
|
|
reg unload "HKU\Default" | Out-Null
|
|
$unloadExitCode = $LASTEXITCODE
|
|
if ($unloadExitCode -ne 0) {
|
|
Write-Warning "Fallback import completed, but unloading HKU\Default failed (exit code: $unloadExitCode)."
|
|
}
|
|
}
|
|
}
|
|
|
|
return & $applyScript $RegFilePath
|
|
} |