Internal Error: Get-RegistryMRU use the wrong data type for numbers

Question

Internal Error: Get-RegistryMRU use the wrong data type for numbers

kmahyyg opened this issue 3 years ago · comments

Started Get-RegistryMRU at 2021-12-14 18:53:24Z
Cannot convert value "27979" to type "System.Byte". Error: "Value was either too large or too small for an
unsigned byte."
    + CategoryInfo          : InvalidArgument: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvalidCastIConvertible
    + PSComputerName        : 127.0.0.1

Name                           Value
----                           -----
PSVersion                      5.1.19041.1320
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.1320
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Windows 10 Build 19043 Enterprise

Patrick Young · Answer 1 · Tue Dec 14 2021 19:08:01 GMT+0800 (China Standard Time)

Also, Get-MAC stucked for so long, at least about 5mins, The wsmprovhost.exe eats about 1GiB memory when executing. After checking src, I think it should not be run by default when running Invoke-Meerkat.

Tony Phipps · Answer 2 · Sat Feb 12 2022 06:13:41 GMT+0800 (China Standard Time)

Would you mind sharing the command used to execute?

Tony Phipps · Answer 3 · Sat Feb 12 2022 06:21:07 GMT+0800 (China Standard Time)

The underlying command for get-mac is fairly straightforward:

$Path = "$ENV:SystemDrive\Users"
Get-ChildItem -Path $Path -File -Recurse

If this command takes a long time on the same system, it explains why the Get-MAC module take a long time. Note the hash option takes significantly longer, which is unavoidable if needed.

Tony Phipps · Answer 4 · Sat Feb 12 2022 06:27:02 GMT+0800 (China Standard Time)

The original error with Get-RegistryMRU will be difficult to reproduce, and does not occur on any system I've encountered. It's possible a try statement on line 163 inside the foreach-object may fix the issue, but I'd rather not troubleshoot blindly.

line 163

$asciiArray = $hexArray | ForEach-Object { [CHAR][BYTE]([CONVERT]::toint32($_,16)) }

Patrick Young · Answer 5 · Sat Feb 12 2022 12:41:58 GMT+0800 (China Standard Time)

Would you mind sharing the command used to execute?

Just load the psm file and run Invoke-Meerkat

Patrick Young · Answer 6 · Sat Feb 12 2022 12:44:45 GMT+0800 (China Standard Time)

The original error with Get-RegistryMRU will be difficult to reproduce, and does not occur on any system I've encountered. It's possible a try statement on line 163 inside the foreach-object may fix the issue, but I'd rather not troubleshoot blindly.

line 163
$asciiArray = $hexArray | ForEach-Object { [CHAR][BYTE]([CONVERT]::toint32($_,16)) }

I run the original version on my personal PC, since I've no idea with powershell itself, may I send you the related registry file exported from my PC? Will it be helpful for diagnostics?