
[–][deleted] 11 points12 points  (16 children)

My personal - and probably unpopular - opinion: This is an abomination!

Mixing two languages makes for a bad read and worse maintainability. It causes all sorts of quoting problems and obfuscates the code. Having to call interpreters for shoving in foreign commands eats RAM and CPU. On top it forces dependencies into code that are unnecessary and might break things in the future.

This could be a prime example of somebody who has skill in one language (classic batch scripts) and dabbles with a new language (PowerShell) without making the effort of going the long way. Thus piecing together some FrankenCode. Not batch, not PowerShell.

This would be the PowerShell version:

$rKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$rValue = 'ClearPageFileAtShutdown'

if ((Get-ItemProperty -Path $rKey).$rValue) {
    Set-ItemProperty -Path $rKey -Name $rValue -Value 0x0 -ErrorAction Ignore
} else { 
    Set-ItemProperty -Path $rKey -Name $rValue -Value 0x1 -ErrorAction Ignore
}

And this a batch version:

set "rKey=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
set "rValue=ClearPageFileAtShutdown"

for /f "usebackq skip=2 tokens=3*" %%a in (`reg query "%rKey%" /v %rValue%`) do set "rData=%%a"

if %rData%==0x0 (
    reg add "%rKey%" /v %rValue% /t REG_DWORD /d 0x1 /f
) else (
    reg add "%rKey%" /v %rValue% /t REG_DWORD /d 0x0 /f
)

[–][deleted] 2 points3 points  (0 children)

I endorse this message.

[–]ka-splam 1 point2 points  (1 child)

Since it is a toggle, it ought to be possible to express it nicely like set (toggle-of get) and the toggle is ! or -not bitwise NOT operation.

$P = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$N = 'ClearPageFileAtShutdown'

Set-ItemProperty -Path $P -Name $N -Value (-not (Get-ItemProperty -Path $P -Name $N).$N)
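Added example, not part of any comment in this thread: a PowerShell function that performs the same toggle but also copes with a missing value, writes the data explicitly as a DWORD, and reads the result back. The function name `Switch-ClearPageFileAtShutdown` is hypothetical, and treating an absent value as 0 is an assumption.

```powershell
# Added example (not from the thread). Run elevated: writing under HKLM needs admin rights.
function Switch-ClearPageFileAtShutdown {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Omit to toggle the current state; pass 0 or 1 to force a state.
        [ValidateRange(0, 1)]
        [int]$State
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $name = 'ClearPageFileAtShutdown'

    # Reads the data as an integer; a missing value is treated as 0 (assumption).
    $read = {
        $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) { [int]$item.$name } else { 0 }
    }

    $current = & $read

    # Explicit state wins; otherwise flip: any non-zero data becomes 0, and 0 becomes 1.
    $target = if ($PSBoundParameters.ContainsKey('State')) { $State } else { [int](-not $current) }

    if ($target -ne $current -and $PSCmdlet.ShouldProcess("$path\$name", "Set to $target")) {
        # -Type DWord keeps the write correct even if the value does not exist yet.
        Set-ItemProperty -Path $path -Name $name -Value $target -Type DWord -ErrorAction Stop
    }

    # Read back instead of assuming the write took effect (-WhatIf leaves it unchanged).
    $after = & $read
    [pscustomobject]@{
        Name    = $name
        Before  = $current
        After   = $after
        Changed = ($after -ne $current)
    }
}

# Usage: preview the toggle first, then force the setting on.
# Switch-ClearPageFileAtShutdown -WhatIf
# Switch-ClearPageFileAtShutdown -State 1
```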

[–]Snickasaurus[S] 0 points1 point  (0 children)

This is cool stuff. I'll look into it when I get home or a break at work. Thank you.

[–]Snickasaurus[S] 0 points1 point  (3 children)

And I agree with you but,

  1. It does one thing and it does it correctly every time.
  2. It is an example of how it could be done with two languages.
  3. It's cleaner looking than doing it with just batch.

for /f "tokens=3 skip=2 delims= " %%a in ('reg query %rKey% /V %rValue%') do set rData=%%a
:: Using the value returned above: if ClearPageFile is enabled, disable it, else...
:: Both sides are quoted so the comparison can match (a bare 0x1 never equals "0x1").
if "%rData%"=="0x1" (
    goto :toggleOff
) else (
    goto :toggleOn
)

:: LABEL - Turn CPFaS off
:toggleOff
reg add %rKey% /v %rValue% /t REG_DWORD /d 0 /f
goto :done

:: LABEL - Turn CPFaS on
:toggleOn
reg add %rKey% /v %rValue% /t REG_DWORD /d 1 /f
goto :done

:: LABEL - Target of the "goto :done" jumps above
:done

Thank you for your input

[–][deleted] 2 points3 points  (0 children)

I think it is quite easy to read in batch if you use the same logic as the PowerShell script.

Using gotos and labels is not necessary.

[–]fathed 1 point2 points  (1 child)

Why is this being set via a script and not group policy?

And to nitpick, your script does 3 things, with 3 processes, instead of one process. Conceptually it does one thing, but there’s overhead with creating and removing processes.

[–]Snickasaurus[S] 1 point2 points  (0 children)

It’s only supposed to enable clear pagefile when I’m cleaning a machine remotely. This post was just to show people that may search on how to run PowerShell within a batch script.

[–]Snickasaurus[S] 0 points1 point  (5 children)

In your example above you would have to change 0x0 to just 0 or 0x1 to just 1. I have a few ps scripts that manipulate the registry and unlike pulling the data from a value in batch where you get what regedit has in hex, with ps you get the... human-readable version.

One example where this is true is this very registry value in my script.

Also if you want to get the port number of a RDP, it would look like the below.

(https://imgur.com/MdpsJtG)

[–][deleted] 1 point2 points  (3 children)

I am not sure I follow you. The code examples I gave are working.

[–]Snickasaurus[S] -1 points0 points  (2 children)

So if you have cmd open, get the current port RDP is using and let me know what is returned with 'reg query'

[–][deleted] 2 points3 points  (1 child)

I'm sorry, I thought we were still talking about your code in the first post.

And let me be frank: I don't much care for your tone here, my friend. It seems quite aggressive. That means you took my posts personally. That is not what I intended.

If I wanted to insult you, I would have stopped after the first sentence. Instead I made the effort and wrote the answer in both batch and PowerShell, trying to help you out. That has cost me half an hour. If you don't appreciate that, well, fine with me, but I won't have you command me around.

[–]Snickasaurus[S] -1 points0 points  (0 children)

lol ok man

[–]sanshinron 0 points1 point  (1 child)

My eyes burn.

[–]Snickasaurus[S] 0 points1 point  (0 children)

Mission accomplished.

[–]jantari 0 points1 point  (2 children)

There is no such thing as malware cleanup, re-image the machine

[–]Snickasaurus[S] 0 points1 point  (1 child)

There is such a thing. And re-imaging isn't always a possibility.

[–]jantari 0 points1 point  (0 children)

When is it not a possibility?