如何使用PowerShell获取文件列表和扩展属性

发布于 2025-01-25 03:41:57 字数 920 浏览 3 评论 0原文

我正在尝试在Powershell做某事，但我正在努力。

我想获取我的计算机中所有文件的列表，该文件具有带有名称的扩展属性（ea）：'$ kernel.smartlocker.originclaim'。

我得到了一些帮助并有基本的代码，但是它不起作用，我认为这是不对的。

ls C:\ -Recurse -ErrorAction SilentlyContinue | Where-Object {

  $File = Get-NtFile -Path $_.FullName -Win32Path -Access ReadEa -ErrorAction SilentlyContinue

  if ($File) {
    $ExtendedAttributes = $File.GetEa()
    $ExtendedAttributes.Entries | Where-Object { $_.Name -eq '$Kernel.Smartlocker.OriginClaim' }

  }
}

我正在使用一个非标准的powershell模块，我发现在这里该模块添加了一个提供商和CMDLET，以访问NT对象管理器名称空间。它使我可以使用get-ntfile。

$ _。名称正在显示文件名而不是属性，至少是我的感觉。另外，我不知道如何将其发送到可以看到文件名，文件路径和ExtendedAttribute名称的文件。

尽管我正在使用它，但我不需要这样做，但我只想要一些让我找到所需的属性的东西。

有人可以帮忙吗？

提前致谢！ Aganju

原文

I am trying to do something in PowerShell but I am struggling with it.

I would like to get a list of all the files in my computer that has an Extended Attribute (EA) with name: '$KERNEL.SMARTLOCKER.ORIGINCLAIM'.

I got some help and have a basic code, but it doesn't work, I don't think it's doing the right thing.

ls C:\ -Recurse -ErrorAction SilentlyContinue | Where-Object {

  $File = Get-NtFile -Path $_.FullName -Win32Path -Access ReadEa -ErrorAction SilentlyContinue

  if ($File) {
    $ExtendedAttributes = $File.GetEa()
    $ExtendedAttributes.Entries | Where-Object { $_.Name -eq '$Kernel.Smartlocker.OriginClaim' }

  }
}

I am using a non-standard PowerShell module that I found here
This module adds a provider and cmdlets to access the NT object manager namespace. It allows me to use Get-NtFile.

The $_.Name is displaying the file name and not the attribute, at least that's the feeling I have.
Also, I don't know how to send this to a file where I could see the filename, the file path and the ExtendedAttribute Name.

Although I am using this, I don't have any requirement to do so, I just want something that allows me to get the attribute I am looking for.

Anyone can help?

Thanks in advance!
Aganju

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

假扮的天使 2025-02-01 03:41:57

我用已知的“ $ kernel.purge.esbcache”测试了以下测试，它肯定有效，这表明Mathias的建议对我来说是正确的。这将为您输出文件

Get-ChildItem -Path C:\ -Recurse -ErrorAction SilentlyContinue | %{
    try{
    (Get-NtFile -Path $_.FullName -Win32Path -Access ReadEa -ErrorAction SilentlyContinue).getea().Entries |
    Where-Object Name -eq '$KERNEL.PURGE.ESBCACHE' |
    Select-Object Name, @{ Name='FilePath';  Expression = { $Script:_.DirectoryName }},  @{ Name='FileName';  Expression = { $script:_.Name }}
    }catch{}
} | Export-Csv -Path c:\temp\test2.csv -NoTypeInformation

I tested the below with a known entry "$KERNEL.PURGE.ESBCACHE" and it definitely works, suggesting Mathias' suggestion is correct to me. This will output to a file for you

Get-ChildItem -Path C:\ -Recurse -ErrorAction SilentlyContinue | %{
    try{
    (Get-NtFile -Path $_.FullName -Win32Path -Access ReadEa -ErrorAction SilentlyContinue).getea().Entries |
    Where-Object Name -eq '$KERNEL.PURGE.ESBCACHE' |
    Select-Object Name, @{ Name='FilePath';  Expression = { $Script:_.DirectoryName }},  @{ Name='FileName';  Expression = { $script:_.Name }}
    }catch{}
} | Export-Csv -Path c:\temp\test2.csv -NoTypeInformation

回复收藏 0 原文

~没有更多了~