1

I hope you're well. I am currently facing to some incomprehensible behavior which you can find the description of below.

What this code do?

  1. Check in 2 registry location (32 and 64 bits) for Ins_ProductVersion
  2. If nothing found then message displayed is Product Version: Not found!
  3. If value is found then display product version from Ins_ProductVersion

== Behavior descripton ==

If I use the code below into Powershell ISE, it work as expected:

Ouput provide:

  • Product Version: 11.7.0.669
foreach ($path in 'HKLM:\SOFTWARE\KasperskyLab\protected\KES\environment\', 'HKLM:\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\environment\') {
try {
$hotfix = Get-ItemPropertyValue -Path $path  -Name 'Ins_ProductVersion' -ErrorAction SilentlyContinue
# assuming you want to exit the loop at the first successfull 'hit'
if ($hotfix) { break }
}
catch { 
    #Write-Warning $_.Exception.Message
    #Write-Host "Unable to find $hotfix"
}} 

if ($hotfix) {write-host "- Product Version: $hotfix"}
else {write-host "- Product Version: Not found!"}

If I convert this code to exe with ps2exe, the output result is different.

ps2exe samples.ps1 test.exe

.\test.exe
.\test.exe : ERROR: Impossible de trouver une variable nomm‚e ®ÿhotfixÿ¯.
Au caractère Ligne:1 : 1
+ .\test.exe
+ ~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (ERROR: Impossib...m‚e ®ÿhotfixÿ¯.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

- Product Version: Not found!

I hope you can help me to understand where the problem is :)

Thanks in advance.

LEFBE

==[ Solution ] == I found out where the problem was. The code works as expected, but my antivirus has been configured to block unsigned applications that read registry keys. Based on this, the value $ hotfix could not be obtained

LEFBE
  • 125
  • 1
  • 9
  • 1
    Make sure you save `samples.ps1` with UTF8 encoding before generate the executable, otherwise `ps2exe` is gonna trip like it currently does. – Mathias R. Jessen Oct 06 '21 at 16:27
  • Hello @MathiasR.Jessen, thanks for your fast answer. Could you please guide me to be sure that samples.ps1 using UTF8 encoding ? – LEFBE Oct 06 '21 at 17:32
  • What text/code editor are you using to write your script? – Mathias R. Jessen Oct 06 '21 at 17:34
  • Powershell ISE have been used to write this script – LEFBE Oct 06 '21 at 17:46
  • Do you know a better code editor better than powershell ISE and he can convert my script to UTF8 ? – LEFBE Oct 06 '21 at 17:47
  • @MathiasR.Jessen : I've tested your proposal and convert my script to UTF-8 based on Microsoft article below. Unfortunatelly, the behavior still the same, result is Not found. I think that the problem come from the foreach code where variable is empty (because registry path is not found on 1 of 2 location.) Microsoft link https://learn.microsoft.com/fr-fr/powershell/scripting/dev-cross-plat/vscode/understanding-file-encoding?view=powershell-7.1. – LEFBE Oct 06 '21 at 20:36
  • It doesn't look like the code you're showing triggers the error message you're seeing. The error message suggests that it was triggered by a `Remove-Variable`, `Get-Variable`, or `Clear-Variable` call. – mklement0 Oct 07 '21 at 01:53
  • Try running your original *.ps1 script on the command line using powershell.exe rather than the ISE - the ISE remembers state between runs of your script, but powershell.exe will give you a “clean” session each time, the same as the ps2exe version. Failing that, try restarting the ISE and then running your script - that will give you a clean session as well. – mclayton Oct 07 '21 at 02:40
  • @mclayton: Based on your advice, I've tested my .ps1 directly from Powershell and it works as expected. I really don't think that the problem come from editor code, but mainly with the code inself. As I can see, variable $hotfix can return 2 values: nothing (because registry key is not present), or expected value (because registry key is present). When I play my code with Powershell, if nothing is present then, the code continue to the second registry path and display the value. When I play the code after convert to .exe, he stop the code after found nothing in the first registry key. – LEFBE Oct 07 '21 at 07:54

1 Answers1

0

==[ Solution ] == I found out where the problem was. The code works as expected, but my antivirus has been configured to block unsigned applications that read registry keys. Based on this, the value $ hotfix could not be obtained

LEFBE
  • 125
  • 1
  • 9