Skip to content

Instantly share code, notes, and snippets.

@p0w3rsh3ll

p0w3rsh3ll/Add-FileAssociation.ps1 Secret

Last active Apr 12, 2020
Embed
What would you like to do?
Function Add-FileAssociation {
[CmdletBinding()]
Param(
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[ValidatePattern('^\.[a-zA-Z0-9]{1,3}')]
$Extension,
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[ValidateScript({
Test-Path -Path $_ -PathType Leaf
})]
[string]$TargetExecutable,
[Parameter()]
[string]$ftypeName
)
Begin {
$ext = [Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($Extension)
$exec = [Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($TargetExecutable)
# 2. Create a ftype
if (-not($PSBoundParameters['ftypeName'])) {
$ftypeName = '{0}{1}File'-f $($ext -replace '\.',''),
$((Get-Item -Path "$($exec)").BaseName)
$ftypeName = [Management.Automation.Language.CodeGeneration]::EscapeFormatStringContent($ftypeName)
} else {
$ftypeName = [Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($ftypeName)
}
Write-Verbose -Message "Ftype name set to $($ftypeName)"
}
Process {
# 1. remove anti-tampering protection if required
if (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$($ext)") {
$ParentACL = Get-Acl -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$($ext)"
if (Test-Path -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$($ext)\UserChoice") {
$k = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey("Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$($ext)\UserChoice",'ReadWriteSubTree','TakeOwnership')
$acl = $k.GetAccessControl()
$null = $acl.SetAccessRuleProtection($false,$true)
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ($ParentACL.Owner,'FullControl','Allow')
$null = $acl.SetAccessRule($rule)
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ($ParentACL.Owner,'SetValue','Deny')
$null = $acl.RemoveAccessRule($rule)
$null = $k.SetAccessControl($acl)
Write-Verbose -Message 'Removed anti-tampering protection'
}
}
# 2. add a ftype
$null = & (Get-Command "$($env:systemroot)\system32\reg.exe") @(
'add',
"HKCU\Software\Classes\$($ftypeName)\shell\open\command"
'/ve','/d',"$('\"{0}\" \"%1\"'-f $($exec))",
'/f','/reg:64'
)
Write-Verbose -Message "Adding command under HKCU\Software\Classes\$($ftypeName)\shell\open\command"
# 3. Update user file association
@"
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$($ext)\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$($ext)\OpenWithList]
"MRUList"="a"
"a"="$((Get-Item -Path "$($exec)").Name)"
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$($ext)\OpenWithProgids]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$($ext)\OpenWithProgids]
"$($ftypeName)"=hex(0):
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$($ext)\UserChoice]
"Hash"=-
"Progid"=-
"@ |
Out-File -FilePath "$($env:TEMP)\$($ftypeName).dat" -Encoding ascii -Force
& (Get-Command "$($env:systemroot)\regedit.exe") @('/s',"$($env:TEMP)\$($ftypeName).dat")
Write-Verbose -Message 'Updated user file extension under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'
}
End {}
<#
.SYNOPSIS
Set user file associations
.DESCRIPTION
Define a program to open a file extension
.PARAMETER Extension
The file extension to modify
.PARAMETER TargetExecutable
The program to use to open the file extension
.PARAMETER ftypeName
Non mandatory parameter used to override the created file type handler value
.EXAMPLE
$HT = @{
Extension = '.txt'
TargetExecutable = "C:\Program Files\Notepad++\notepad++.exe"
}
Add-FileAssociation @HT
.EXAMPLE
$HT = @{
Extension = '.xml'
TargetExecutable = "C:\Program Files\Microsoft VS Code\Code.exe"
FtypeName = 'vscode'
}
Add-FileAssociation @HT
#>
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.