Jul 01 2016

Windows 10 BitLocker Recovery Gotcha

I recently upgraded my laptop from the now four-year-old Lenovo W530 to a shiny new Lenovo P50 complete with a Xeon 2.8 GHz CPU, 64GB of RAM and an NVMe M.2 boot drive.  Not only did I upgrade the hardware but I also switched from Windows 8.1 to Windows 10.  So far so good.

Being that I’ve always owned laptops, I always try to take precautions against data loss through theft via full disk encryption.  With the release of BitLocker, this has been a remarkably seamless security improvement and I’ve used BitLocker transparently for years.  So far so good.


Mar 06 2016

HOWTO: Convert binary to human readable text

This is a quick fun little HOWTO.  There was an article on CollegeHumor today that looked like this:


01010100 01101000 01100101 00100000 01110010 01101111 01100010 01101111 01110100 01110011 00100000 01100001 01110010 01100101 00100000 01100001 01101101 01101111 01101110 01100111 00100000 01110101 01110011 00100000 01100001 01101110 01100100 00100000 01110111 01100101 00100000 01100001 01110010 01100101 00100000 01100001 01101100 01101100 00100000 01101001 01101110 00100000 01100100 01100001 01101110 01100111 01100101 01110010 00101110 00100000 01001000 01100101 01101100 01110000 00100000 01110101 01110011 00101100 00100000 01000111 01101111 01100100 00101110

I was of course curious what the message above actually said so I wondered how quickly I could figure that out with PowerShell.  The answer?  Pretty gosh darn quick.

# Split the file on spaces, parse each group as a base-2 number, cast the result to [char] and join the characters
((gc c:\temp\binary.txt) -split " " | % { [char]([convert]::ToInt32("$_",2)) }) -join ""
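The one-liner works as long as the octets are cleanly space-separated. The block below is an added example, not the post's own code: the same decode written as a function that accepts spaced or unbroken octets and rejects input that is not a whole number of 8-bit groups, with the reverse encoder so the result can be checked by round trip. The function names are my own choice.

```powershell
# Added example, not the post's own one-liner: decode binary octets to text,
# accepting space-separated or unbroken input, plus the reverse encoder.
function ConvertFrom-BinaryText {
    param([Parameter(Mandatory)][string]$Binary)

    # Keep only the 0/1 characters so spaces, tabs and line breaks do not matter.
    $bits = $Binary -replace '[^01]', ''
    if ($bits.Length -eq 0 -or $bits.Length % 8 -ne 0) {
        throw "Input has $($bits.Length) bits, which is not a positive multiple of 8."
    }

    $chars = for ($i = 0; $i -lt $bits.Length; $i += 8) {
        # Parse each 8-bit group as base 2 and cast the code point to a character
        # (one byte per character, i.e. ASCII text is assumed).
        [char]([convert]::ToInt32($bits.Substring($i, 8), 2))
    }
    -join $chars
}

function ConvertTo-BinaryText {
    param([Parameter(Mandatory)][string]$Text)
    # Each character becomes its zero-padded 8-bit code point, space separated.
    ($Text.ToCharArray() | ForEach-Object {
        [convert]::ToString([int]$_, 2).PadLeft(8, '0')
    }) -join ' '
}

# Constructed input: encode a known string, then decode it in both forms.
$original = 'Hello, PowerShell!'
$encoded  = ConvertTo-BinaryText -Text $original
$spaced   = ConvertFrom-BinaryText -Binary $encoded
$unbroken = ConvertFrom-BinaryText -Binary ($encoded -replace ' ', '')

# Round-trip check: both decodes must give back the original text.
$spaced -eq $original -and $unbroken -eq $original
```

The length check matters in practice: a stray character in a pasted blob shifts every later octet by one bit, and the one-liner would silently produce garbage where the function throws.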


Feb 15 2016

HOWTO: Determine what wmiprvse.exe is actually doing (aka Troubleshoot WMI)

This HOWTO came about after watching the excellent video series on using Process Explorer available here:

Case of the Unexplained: Troubleshooting with Mark Russinovich

In this video, he talks about a case where wmiprvse.exe was causing Blu-ray video playback to stutter.
If you have worked in IT for any length of time, you’ve probably seen this executable come up during your troubleshooting.  It’s the "WMI provider host".
I’ve known that for a while but what happens inside this process has always been a black box for me… until now that is.

If you ever run into an issue where wmiprvse.exe is misbehaving, follow these simple troubleshooting steps:

1) Launch Event Viewer, go to View and enable Show Analytic and Debug Logs
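Enabling Show Analytic and Debug Logs in Event Viewer exposes the WMI-Activity trace channel. As an added example, not the post's own steps, the block below does the same investigation from PowerShell: switch the trace log on, reproduce the behaviour, read the events and group them by the client process that issued each WMI operation. The log name is the real Microsoft-Windows-WMI-Activity trace channel; the `Operation` and `ClientProcessId` fields are taken from the text of its events, so treat the regular expression as an assumption to adjust if your events are laid out differently. Run it from an elevated prompt.

```powershell
# Added example, not the post's own code: read the WMI-Activity trace log and
# attribute WMI operations to the client process that issued them.
$traceLog = 'Microsoft-Windows-WMI-Activity/Trace'

# Analytic logs are off by default; enable the trace log, reproduce the
# wmiprvse.exe behaviour during the sleep, then collect and disable again.
wevtutil sl $traceLog /e:true
Start-Sleep -Seconds 60

# Analytic logs can only be read oldest-first.
$events = Get-WinEvent -LogName $traceLog -Oldest -ErrorAction SilentlyContinue
wevtutil sl $traceLog /e:false

$operations = foreach ($e in $events) {
    # Field names assumed from the event message text, e.g.
    # "...; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT ...; ...; ClientProcessId = 1234; ..."
    if ($e.Message -match '(?s)Operation = (?<op>[^;]+);.*ClientProcessId = (?<cpid>\d+)') {
        $proc = Get-Process -Id $Matches.cpid -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Time      = $e.TimeCreated
            ClientPid = [int]$Matches.cpid
            Client    = if ($proc) { $proc.ProcessName } else { '(exited)' }
            Operation = $Matches.op.Trim()
        }
    }
}

# Which client processes are driving WMI, and which operations they issue most.
$operations | Group-Object Client    | Sort-Object Count -Descending | Select-Object Count, Name
$operations | Group-Object Operation | Sort-Object Count -Descending | Select-Object -First 10 Count, Name
```

The client process id is resolved at read time, so a short-lived process shows up as `(exited)`; the operation text still tells you what was being queried, which is usually enough to identify the caller.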


Jan 10 2016

HOWTO: Real world use case for ConvertFrom-String

This HOWTO covers a real world example of how to use ConvertFrom-String, which was introduced in PowerShell 5.  As a reminder, this is the powerful new cmdlet that allows you to parse any kind of text data and convert the resulting data into structured PowerShell objects by defining “templates” for how the data is laid out and what information you want to extract.

The largest mall in my city includes literally hundreds of stores. I needed to shop for a particular kind of thing and wanted to know what stores I might want to check out.  I started by visiting the website for the mall.  This ended up giving me output that looked like this:


It’s certainly not bad, but I would like to apply some filters to the dataset.  Now in reality, I could have certainly figured out what I wanted from this website but I realized this would be a great opportunity to see if I could make ConvertFrom-String and FlashExtract do something useful.  Could I make a PowerShell object out of this data?

The first thing I did was download the webpage in PowerShell using the Invoke-WebRequest cmdlet.  PowerShell includes a “parseddata” object that tries to break down any webpage into its component parts and return the results as nested objects.  I looked at the output and discovered that all of the data I was interested in was stored in parseddata.documentElement.outertext.  This gave me the following results:



Dec 25 2015

HOWTO: Convert Complex Text Data into PowerShell Objects

PowerShell 5.0 introduces a wonderful new cmdlet called ConvertFrom-String.  Don’t let the simple name deceive you though.  There is some exceptionally complex math running behind the scenes here to do some truly wonderful things.
In fact, the code that gets executed inside this function is based upon the "FlashExtract" project completed by Microsoft Research.  How much math? Well here is a portion of the algorithm that was published in their whitepaper.

Source: http://research.microsoft.com/en-us/um/people/sumitg/pubs/pldi14-flashextract.pdf

The idea here is to give us as administrators the ability to take some existing complex text data, intelligently analyze it and convert it into native PowerShell objects. 
Technically we can already do this today using regular expressions.  But coming up with the right combination of letters and characters to produce the intended results is no easy task.  At least until now.
The idea here is that instead of trying to micromanage, character by character, exactly how you want to extract the data to get to the content you want, you instead simply ‘tell’ PowerShell what you want.
Specifically, you pass the ConvertFrom-String function a marked up template of the data that indicates which data is important.

It’s hard to understand in writing but will make a lot more sense once you see it in action.  This is also when the "aha" moment comes and you realize the power this new cmdlet offers.

For our example, we’re going to take a look at the c:\windows\windowsupdate.log.  This is a plain text log file that contains several columns:
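Since the excerpts of both this post and the mall-listing post above stop before the template itself, here is an added example, not the post's own code, of the technique in full: a ConvertFrom-String template for windowsupdate.log-style lines. The log lines are constructed samples laid out like the pre-1607 c:\windows\windowsupdate.log (date, time, PID, TID, component, message) rather than a real log, and the property names are my own choice; the same approach applies to the store listing in the Jan 10 post.

```powershell
# Added example, not the post's own code: parse log-style text into objects
# with a ConvertFrom-String template. The log text below is constructed.
$logText = @'
2015-12-24 08:15:01:234 1024 1a2c Agent Checking for updates
2015-12-24 08:15:02:567 1024 1a2c Misc WARNING: Failed to connect to the update server
2015-12-24 08:15:03:001 1024 1a2c Agent Found 3 updates and 10 categories in search
2015-12-24 08:15:04:112 1024 1a2c Report REPORT EVENT: Detection succeeded
2015-12-24 08:16:10:900 1024 2b3d Setup Checking for agent SelfUpdate
'@

# Two marked-up example lines are enough for FlashExtract to learn the layout.
# The '*' on Date tells it that every new record starts with a Date field; the
# other names become properties of each emitted object.
$template = @'
{Date*:2015-12-24} {Time:08:15:01:234} {PID:1024} {TID:1a2c} {Component:Agent} {Message:Checking for updates}
{Date*:2015-12-24} {Time:08:15:02:567} {PID:1024} {TID:1a2c} {Component:Misc} {Message:WARNING: Failed to connect to the update server}
'@

$entries = $logText | ConvertFrom-String -TemplateContent $template

# Once the text is objects, ordinary PowerShell filtering and grouping applies.
$entries | Where-Object Component -eq 'Agent' | Select-Object Time, Message
$entries | Group-Object Component | Select-Object Count, Name
$entries | Where-Object { $_.Message -like 'WARNING*' } | Select-Object Date, Time, Message
```

Always inspect a few parsed objects before trusting the result: FlashExtract infers the layout from the examples you mark, so an ambiguous field (a message that happens to contain another date, for instance) can shift the learned boundaries. If that happens, mark one more example line showing the awkward case.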



Dec 16 2015

HOWTO: Monitor a webpage and alert on change

This is admittedly kind of a silly HOWTO but does contain a number of very useful concepts.

I am eagerly awaiting the Lenovo Thinkpad P50 laptop.  The official webpage for this laptop went live today but for pricing it simply says “Coming Soon”.
Rather than refresh the page constantly, I figured I’d let PowerShell do the work for me.  Specifically:

1) Connect to the shop.lenovo.com website every hour and check if the “Coming Soon” pricing has changed
2) If the text is still present, do nothing
3) If the “Coming Soon” text has been removed (presumably replaced by actual pricing) do the following:
4) Create a pop up tooltip in the Windows System tray alerting me that the pricing is now available
5) In case I miss the popup, email me as well.

To accomplish this, take the code below, save it to a file and create a scheduled task to run it every hour.  That’s it.  You will now be notified as soon as the laptop is available for purchase!

Note: You may be wondering why I didn’t use the built-in Invoke-WebRequest cmdlet.  Normally I would but for Lenovo’s website specifically, I would consistently get “403 – Forbidden” errors.
I tried adding custom user agents and even went as far as using Fiddler to figure out what a good header looks like and then copied that.
The issue appears to be that the Lenovo website is served Gzip-compressed and encoded in such a way that I couldn’t figure out how to make it work with the built-in tool.
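The code the post refers to is not in this excerpt, so the block below is an added example of the described design, not the post's own script. It fetches the page once (a scheduled task supplies the hourly loop), raises a tray balloon and an email when the marker text is gone, and also fingerprints the page so any other change is noticed on the next run, which is the general form of the post's title. It uses HttpWebRequest with automatic Gzip/Deflate decompression, which is one way around the compressed-response problem described above. The URL path, mail addresses and SMTP relay are placeholders.

```powershell
# Added example, not the post's own script: check a page for a marker string,
# fingerprint it for change detection, and alert by tray balloon and email.
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Get-PageText {
    param([Parameter(Mandatory)][string]$Url)
    $req = [System.Net.HttpWebRequest]::Create($Url)
    $req.UserAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
    # Let the client inflate gzip/deflate bodies instead of reading compressed bytes as text.
    $req.AutomaticDecompression = [System.Net.DecompressionMethods]::GZip -bor [System.Net.DecompressionMethods]::Deflate
    $resp = $req.GetResponse()
    try {
        $reader = New-Object System.IO.StreamReader($resp.GetResponseStream())
        $reader.ReadToEnd()
    } finally { $resp.Close() }
}

function Show-TrayAlert {
    param([string]$Title, [string]$Text)
    $icon = New-Object System.Windows.Forms.NotifyIcon
    $icon.Icon = [System.Drawing.SystemIcons]::Information
    $icon.Visible = $true
    $icon.ShowBalloonTip(10000, $Title, $Text, [System.Windows.Forms.ToolTipIcon]::Info)
    Start-Sleep -Seconds 10          # keep the icon alive long enough for the balloon to show
    $icon.Dispose()
}

function Test-PageChange {
    param(
        [Parameter(Mandatory)][string]$Url,
        [string]$Marker = 'Coming Soon',
        [string]$StateFile = "$env:TEMP\page-monitor-hash.txt"   # assumed location for the last hash
    )
    $html = Get-PageText -Url $Url
    # SHA-256 of the body: compared with the previous run to detect any change at all.
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = ([BitConverter]::ToString($sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($html)))) -replace '-'
    $previous = if (Test-Path $StateFile) { Get-Content $StateFile } else { $null }
    Set-Content -Path $StateFile -Value $hash

    [pscustomobject]@{
        MarkerGone = ($html -notmatch [regex]::Escape($Marker))
        Changed    = [bool]($previous -and $previous -ne $hash)
        Hash       = $hash
    }
}

$result = Test-PageChange -Url 'https://shop.lenovo.com/PLACEHOLDER-product-page'
if ($result.MarkerGone) {
    Show-TrayAlert -Title 'Pricing available' -Text 'The "Coming Soon" text is gone.'
    # The relay is assumed to accept mail from this host without a password; if it
    # needs credentials, keep them in a stored secret rather than in the script.
    Send-MailMessage -To 'me@example.com' -From 'monitor@example.com' `
        -Subject 'Pricing available' -Body 'The "Coming Soon" text has been removed.' `
        -SmtpServer 'smtp.example.com'
} elseif ($result.Changed) {
    Show-TrayAlert -Title 'Page changed' -Text 'The page changed but "Coming Soon" is still present.'
}
```

The marker test is the reliable signal; the hash is a fallback that will fire on every run for pages that embed session tokens or rotating content, so on such a site hash only the fragment you care about (the pricing element) rather than the whole body.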


Dec 13 2015

HOWTO: Identify and Run every valid Get-* cmdlet on your system

I recently found myself on a long bus ride with my laptop and no Internet connection.  I decided to create a PowerShell puzzle for myself to keep me busy until I reached my destination.  It ended up being kind of interesting so I wanted to share my puzzle and the solution here.


PowerShell has the concept of “Get-*” cmdlets, which only retrieve information and never change anything.  This makes Get commands safe to run, even if you don’t know what they do.   PowerShell ships with hundreds of Get cmdlets.  It would be great to know what kind of information each one provided.  To do that I’d need to run every Get command.  That’s simple enough but is complicated by the fact that most Get- cmdlets come with multiple ‘parameter sets’ and many are configured with mandatory parameters.  This means that if we blindly run each command we’ll end up with a bunch of errors and prompts for user input.

So what we need to do is figure out which of the Get- commands can be run without passing any parameters.  We then also want to exclude commands that run properly but don’t return any data by default.


Check out the script below.  It will scan the system for every Get- command and then will figure out which ones can be executed directly without parameters and will actually return data.  It then runs all of those and returns the first 5 objects so you can get a feel for what kind of data is returned.  It will then display a report showing how many cmdlets met each criteria.  On my system for example we can see that 143 commands can be executed and return something useful just by typing the name of the command and hitting enter.
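The script itself is not in this excerpt, so here is an added example of the approach, not the post's own script. It keeps a Get-* command only if one of its parameter sets has no mandatory parameter, then runs each survivor in a background job with a timeout so a slow, hanging or prompting command cannot stall the scan, and finally reports how many commands fell into each bucket. The function name and bucket names are my own; the counts are whatever your system yields.

```powershell
# Added example, not the post's own script: find Get-* commands that run with no
# parameters and return data, running each in a job with a timeout.
function Find-ParameterlessGetCommand {
    param([int]$TimeoutSeconds = 20, [int]$SampleCount = 5)

    $candidates = Get-Command -Verb Get -CommandType Cmdlet, Function | Where-Object {
        # Keep a command only if at least one parameter set has no mandatory parameter.
        $_.ParameterSets | Where-Object { -not ($_.Parameters | Where-Object IsMandatory) }
    }

    foreach ($cmd in $candidates) {
        $job = Start-Job -ArgumentList $cmd.Name, $SampleCount -ScriptBlock {
            param($name, $count)
            $ErrorActionPreference = 'Stop'      # any error fails the job instead of printing
            & $name | Select-Object -First $count
        }
        $null = Wait-Job -Job $job -Timeout $TimeoutSeconds
        if ($job.State -eq 'Running') {
            Stop-Job -Job $job                   # hung or waiting for input
            $status = 'TimedOut'; $sample = $null
        } elseif ($job.State -eq 'Failed') {
            $status = 'Failed'; $sample = $null
        } else {
            $sample = @(Receive-Job -Job $job -ErrorAction SilentlyContinue)
            $status = if ($sample.Count -gt 0) { 'ReturnsData' } else { 'NoOutput' }
        }
        Remove-Job -Job $job -Force
        [pscustomobject]@{ Name = $cmd.Name; Status = $status; Sample = $sample }
    }
}

$results = Find-ParameterlessGetCommand

# Report: how many commands met each criterion, then the useful ones with their sample output.
$results | Group-Object Status | Select-Object Count, Name
$results | Where-Object Status -eq 'ReturnsData' | Select-Object Name, Sample
```

Two caveats before running this on a machine you care about. Each job is a separate PowerShell process, so a few hundred commands take several minutes. And "Get" is a naming convention, not a guarantee: a few Get- commands query remote systems or the network when called without arguments, so on a production host read the candidate list before running it.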



Nov 25 2015

HOWTO: Convert SQL data to PowerShell Objects

As you develop your PowerShell skills, you’ll start to see how they can be useful everywhere – even in places where it might not seem obvious.
Let’s say you have a SQL database that you need to extract information from but you’re not terribly strong with SQL.  You are pretty good with PowerShell though.
Wouldn’t it be great if you could easily "convert" your SQL data into a native PowerShell object and then do all of your filtering and customization there?  In a language you know and love?

I found myself in that exact situation and I’m pleased to say I found a simple and elegant solution.

Sidenote: As I was preparing for this blog post, I realized it can be incredibly difficult to build screenshots and database queries that don’t contain potentially sensitive information.

Let’s make up a scenario in which we have a database called ‘rdm’ and inside that there is a table called ‘ConnectionLog’.
We want to find the 5 dates in which the user ‘rvance’ logged in most frequently.  Let’s assume we are doing some kind of security analysis. 
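Since the excerpt stops before the solution, here is an added example of the technique, not the post's own code. It runs a query against SQL Server through System.Data, loads the result into a DataTable and turns each row into a PSCustomObject, using the ‘rdm’ database, ‘ConnectionLog’ table and ‘rvance’ user from the scenario. The column names `UserName` and `ConnectionTime`, the server name and integrated authentication are assumptions the post does not state. The user name is passed as a SQL parameter rather than spliced into the query text, which is the habit that keeps a value like a user name from being read as SQL.

```powershell
# Added example, not the post's own code: run a parameterised query and convert
# the DataTable rows into PowerShell objects.
Add-Type -AssemblyName System.Data

function ConvertFrom-DataTable {
    param([Parameter(Mandatory)][System.Data.DataTable]$Table)
    foreach ($row in $Table.Rows) {
        $props = [ordered]@{}
        foreach ($col in $Table.Columns) { $props[$col.ColumnName] = $row[$col] }
        [pscustomobject]$props
    }
}

function Invoke-SqlObjectQuery {
    param(
        [Parameter(Mandatory)][string]$ConnectionString,
        [Parameter(Mandatory)][string]$Query,
        [hashtable]$Parameters = @{}
    )
    $conn = New-Object System.Data.SqlClient.SqlConnection $ConnectionString
    try {
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $Query
        # Bind values as parameters so a value such as "rvance' OR 1=1 --" stays a literal.
        foreach ($kv in $Parameters.GetEnumerator()) {
            [void]$cmd.Parameters.AddWithValue("@$($kv.Key)", $kv.Value)
        }
        $table = New-Object System.Data.DataTable
        $conn.Open()
        $reader = $cmd.ExecuteReader()
        $table.Load($reader)
        $reader.Close()
        ConvertFrom-DataTable -Table $table
    } finally { $conn.Dispose() }
}

# The five dates on which the user logged in most often (column names assumed).
$query = @'
SELECT TOP (5) CAST(ConnectionTime AS date) AS LoginDate, COUNT(*) AS Logins
FROM dbo.ConnectionLog
WHERE UserName = @user
GROUP BY CAST(ConnectionTime AS date)
ORDER BY Logins DESC
'@
$top5 = Invoke-SqlObjectQuery -ConnectionString 'Server=localhost;Database=rdm;Integrated Security=True' `
                              -Query $query -Parameters @{ user = 'rvance' }
$top5 | Format-Table

# Offline check of the conversion step with a constructed table (no server needed).
$demo = New-Object System.Data.DataTable
[void]$demo.Columns.Add('LoginDate', [datetime])
[void]$demo.Columns.Add('Logins', [int])
[void]$demo.Rows.Add([datetime]'2015-11-20', 7)
[void]$demo.Rows.Add([datetime]'2015-11-21', 3)
ConvertFrom-DataTable -Table $demo | Sort-Object Logins -Descending
```

Once the rows are objects, the rest of the analysis (filtering to a date range, joining against another result, exporting to CSV) happens in PowerShell, so the SQL can stay as simple as the query above.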


Nov 23 2015

Adele would be amazing at Karaoke

I was browsing the news today and learned that Adele recently performed on Saturday Night Live.  It’s clear by this point that she is a very capable singer. But for a major television performance, I always just cynically assume that the artist is seldom actually singing.  I often expect them to be either dubbed based on a studio recording or with liberal use of Autotune being applied.  Here is an example of what I mean:


Or how about this?  Here is a much more humorous take on how much work is required to make singers sound actually good called “Sound Engineer’s Hard Work”:


All of this brings us to the point.  The reason I knew Adele performed on SNL is because her raw mic audio feed was leaked from the performance.  If this were to happen to a good chunk of modern musicians these days, I suspect their PR teams would be working a lot of overtime.  But Adele is not most musicians.  The raw audio feed was in my opinion even better than the full song with all of the other instruments and backup singers.  There are not many artists that can carry a song entirely on their own with nothing but their voice but Adele would be one of them.


Nov 18 2015

HOWTO: Create Fastest Possible Custom Objects [Revisit]

In November of last year I did a post called the "Fastest Possible Way to Make Custom Objects in PowerShell".


That post came about because I was frustrated with the techniques I was using at the time to make custom objects and decided to sit down and once and for all simplify the process.
If you have a look at that code, you’ll see using it was simple enough but initializing it was all sorts of bizarre.

I’m pleased to say that in the year since I wrote that post, I’ve learned a lot about PowerShell. I’ve learned that I made things far, far more complicated than they needed to be.*
(* The technique above technically is still useful for PowerShell 2 environments as the technique below I’m pretty sure isn’t supported there)

Let’s say you want to make a custom object.  Specifically let’s say you want to show the filename of all files in a folder and the first line of each file.  Look how easy this is now:

Get-ChildItem c:\windows\*.log | % { [pscustomobject]@{'Filename'=$_.fullname; 'FileContent'= (Get-Content $_.fullname | select -first 1)} }

If that doesn’t make any sense, here is the important part.  To make a custom object, do the following:


You’re using a "type accelerator" called [pscustomobject] and defining it as a hash table (series of key/value pairs).  The right side of the equals in each line can be wrapped in round brackets allowing you to run anything you want and save it into the final object, just as I did above with Get-Content.
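To put the "fastest" claim on a footing you can check yourself, here is an added example, not the post's own code, that times the [pscustomobject] form against two older ways of building the same objects, and then shows the one property-order detail worth knowing. The sample "files" are constructed in memory so nothing on disk is read; the timings are whatever your machine gives, and only their ratio matters.

```powershell
# Added example, not the post's own code: compare three ways to build the same
# custom objects, then show when property order is and is not preserved.
$files = 1..5000 | ForEach-Object {
    [pscustomobject]@{ FullName = "C:\logs\file$_.log"; FirstLine = "first line of file $_" }   # constructed
}

$accelerator = Measure-Command {
    $files | ForEach-Object { [pscustomobject]@{ Filename = $_.FullName; FileContent = $_.FirstLine } }
}
$newObject = Measure-Command {
    $files | ForEach-Object { New-Object PSObject -Property @{ Filename = $_.FullName; FileContent = $_.FirstLine } }
}
$addMember = Measure-Command {
    $files | ForEach-Object {
        $o = New-Object PSObject
        $o | Add-Member -MemberType NoteProperty -Name Filename    -Value $_.FullName
        $o | Add-Member -MemberType NoteProperty -Name FileContent -Value $_.FirstLine
        $o
    }
}
[pscustomobject]@{
    '[pscustomobject] ms'     = [int]$accelerator.TotalMilliseconds
    'New-Object -Property ms' = [int]$newObject.TotalMilliseconds
    'Add-Member ms'           = [int]$addMember.TotalMilliseconds
}

# Property order. Casting a hash table *literal* to [pscustomobject], as the post
# does, keeps the properties in the order written. Casting a hash table that was
# built first in a variable does not, because @{} has no guaranteed order;
# build that one with [ordered] instead.
$literal  = [pscustomobject]@{ Zebra = 1; Apple = 2; Mango = 3 }
$plain    = @{ Zebra = 1; Apple = 2; Mango = 3 }
$ordered  = [ordered]@{ Zebra = 1; Apple = 2; Mango = 3 }
'literal : ' + ($literal.PSObject.Properties.Name -join ', ')
'plain   : ' + (([pscustomobject]$plain).PSObject.Properties.Name -join ', ')
'ordered : ' + (([pscustomobject]$ordered).PSObject.Properties.Name -join ', ')
```

The order point matters as soon as the objects go to Format-Table or Export-Csv, where the first property becomes the first column; use [ordered] whenever the hash table is assembled in steps rather than written as one literal.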

Very cool stuff!

