Created
January 12, 2022 12:24
-
-
Save mgeeky/5a30a0619a7486b2fb0bd5233490fa64 to your computer and use it in GitHub Desktop.
Enumerate Windows URI Handlers (Keys in HKEY_CLASSES_ROOT that contain "URL Protocol" values), examples: http:, calculator:, ms-officecmd:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT -ErrorAction SilentlyContinue | Out-Null | |
| $count = 0 | |
| try { | |
| Get-ChildItem HKCR: -ErrorAction SilentlyContinue | ForEach-Object { | |
| if((Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).PSObject.Properties.Name -contains "URL Protocol") { | |
| $name = $_.PSChildName | |
| $count += 1 | |
| $line = "URI Handler {0:d4}: {1}" -f $count, $name | |
| Write-Host $line | |
| } | |
| } | |
| } | |
| catch {} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Really cool and useful, reveals some interesting gems. It would be nice to get more info on the actual protocol handlers, but this seems not trivial as the entries differ greatly: E.g. ms-todo only has a blank URLProtocol value, many have shell/open/command subkeys which again differ sometimes having a default value with an exe, other a DelegateExecute with a CLSID.