Skip to content

Instantly share code, notes, and snippets.

@joswr1ght

joswr1ght/checkhiddensvc.ps1

Last active May 3, 2023 13:24
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save joswr1ght/c5d9773a90a22478309e9e427073fd30 to your computer and use it in GitHub Desktop.
Save joswr1ght/c5d9773a90a22478309e9e427073fd30 to your computer and use it in GitHub Desktop.
Download ZIP
Identify Hidden Windows Services
Raw
checkhiddensvc.ps1
Compare-Object -ReferenceObject (Get-Service | Select-Object -ExpandProperty Name | % { $_ -replace "_[0-9a-f]{2,8}$" } ) -DifferenceObject (gci -path hklm:\system\currentcontrolset\services | % { $_.Name -Replace "HKEY_LOCAL_MACHINE\\","HKLM:\" } | ? { Get-ItemProperty -Path "$_" -name objectname -erroraction 'ignore' } | % { $_.substring(40) }) -PassThru | ?{$_.sideIndicator -eq "=>"}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment