
Merge remote-tracking branch 'origin/dev' into na-defender-toggle
he3als committed Aug 4, 2023
2 parents 7727fc7 + 6df1087 commit d375b5a
Showing 4 changed files with 8 additions and 17 deletions.
25 changes: 8 additions & 17 deletions src/playbook/Executables/AtlasModules/Scripts/RunAsTI.cmd
Expand Up @@ -16,32 +16,23 @@ if not defined run_by (
goto RunAsTI-Elevate

----------------------------------------

[CREDITS]
- Adapted from https://github.com/AveYo/LeanAndMean
- Revised and customized for Atlas by he3als & Xyueta
- Added error checking and integration with script
- Added error checking, an interface and quotes support

[FEATURES]
- Innovative HKCU load, no need for 'reg load' or unload ping-pong; programs get the user profile
- Sets ownership privileges, high priority, and Explorer support; get System if TrustedInstaller is unavailable
- Accepts special characters in paths for which default 'Run as Administrator' fails

[LIMITATIONS]
- Quoatation marks ("") in arguments will not work correctly

[USAGE]
- Put this at the top of your script:

:: ------ Elevation ------ ::

whoami /user | find /i "S-1-5-18" > nul 2>&1 || (
call RunAsTI.cmd "%~f0" "%*"
exit /b
)

:: ----------------------- ::

----------------------------------------

:RunAsTI-Elevate
Expand Down Expand Up @@ -86,10 +77,10 @@ pause > nul
goto RunAsTI-Elevate

:RunAsTI
set ^ #=& set "0=%~f0"& set 1=%*
(for %%I in ("%~f0";%*) do @echo(%%~I) | PowerShell -NoProfile -Command "$argv = $input | ?{$_}; iex (${%~f0} | out-string)"
set "0=%~f0" & set "1=%*"
powershell -nop -c iex(gc """$env:0""" -Raw)
set RunAsTI_Errorlevel=%errorlevel%
if %RunAsTI_Errorlevel% == 1 (
if %RunAsTI_Errorlevel%==1 (
goto RunAsTI-Fail
) else (
if %RunAsTI_Errorlevel%==2 (
Expand All @@ -103,20 +94,20 @@ if %RunAsTI_Errorlevel% == 1 (
Try {
function RunAsTI ($cmd,$arg) { $id='RunAsTI'; $key="Registry::HKU\$(((whoami /user)-split' ')[-1])\Volatile Environment"; $code=@'
$I=[int32]; $M=$I.module.gettype("System.Runtime.Interop`Services.Mar`shal"); $P=$I.module.gettype("System.Int`Ptr"); $S=[string]
$D=@(); $T=@(); $DM=[AppDomain]::CurrentDomain."DefineDynami`cAssembly"(1,1)."DefineDynami`cModule"(1); $Z=[uintptr]::size
$D=@(); $T=@(); $DM=[AppDomain]::CurrentDomain."DefineDynami`cAssembly"(1,1)."DefineDynami`cModule"(1); $Z=[uintptr]::size
0..5|% {$D += $DM."Defin`eType"("AveYo_$_",1179913,[ValueType])}; $D += [uintptr]; 4..6|% {$D += $D[$_]."MakeByR`efType"()}
$F='kernel','advapi','advapi', ($S,$S,$I,$I,$I,$I,$I,$S,$D[7],$D[8]), ([uintptr],$S,$I,$I,$D[9]),([uintptr],$S,$I,$I,[byte[]],$I)
0..2|% {$9=$D[0]."DefinePInvok`eMethod"(('CreateProcess','RegOpenKeyEx','RegSetValueEx')[$_],$F[$_]+'32',8214,1,$S,$F[$_+3],1,4)}
$DF=($P,$I,$P),($I,$I,$I,$I,$P,$D[1]),($I,$S,$S,$S,$I,$I,$I,$I,$I,$I,$I,$I,[int16],[int16],$P,$P,$P,$P),($D[3],$P),($P,$P,$I,$I)
1..5|% {$k=$_; $n=1; $DF[$_-1]|% {$9=$D[$k]."Defin`eField"('f' + $n++, $_, 6)}}; 0..5|% {$T += $D[$_]."Creat`eType"()}
0..5|% {nv "A$_" ([Activator]::CreateInstance($T[$_])) -fo}; function F ($1,$2) {$T[0]."G`etMethod"($1).invoke(0,$2)}
0..5|% {nv "A$_" ([Activator]::CreateInstance($T[$_])) -fo}; function F ($1,$2) {$T[0]."G`etMethod"($1).invoke(0,$2)}
$TI=(whoami /groups)-like'*1-16-16384*'; $As=0; if(!$cmd) {$cmd='control';$arg='admintools'}; if ($cmd-eq'This PC'){$cmd='file:'}
if (!$TI) {'TrustedInstaller','lsass','winlogon'|% {if (!$As) {$9=sc.exe start $_; $As=@(get-process -name $_ -ea 0|% {$_})[0]}}
function M ($1,$2,$3) {$M."G`etMethod"($1,[type[]]$2).invoke(0,$3)}; $H=@(); $Z,(4*$Z+16)|% {$H += M "AllocHG`lobal" $I $_}
M "WriteInt`Ptr" ($P,$P) ($H[0],$As.Handle); $A1.f1=131072; $A1.f2=$Z; $A1.f3=$H[0]; $A2.f1=1; $A2.f2=1; $A2.f3=1; $A2.f4=1
$A2.f6=$A1; $A3.f1=10*$Z+32; $A4.f1=$A3; $A4.f2=$H[1]; M "StructureTo`Ptr" ($D[2],$P,[boolean]) (($A2 -as $D[2]),$A4.f2,$false)
$Run=@($null, "powershell -win 1 -nop -c iex `$env:R; # $id", 0, 0, 0, 0x0E080600, 0, $null, ($A4 -as $T[4]), ($A5 -as $T[5]))
F 'CreateProcess' $Run; return}; $env:R=''; rp $key $id -force; $priv=[diagnostics.process]."GetM`ember"('SetPrivilege',42)[0]
F 'CreateProcess' $Run; return}; $env:R=''; rp $key $id -force; $priv=[diagnostics.process]."GetM`ember"('SetPrivilege',42)[0]
'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege' |% {$priv.Invoke($null, @("$_",2))}
$HKU=[uintptr][uint32]2147483651; $NT='S-1-5-18'; $reg=($HKU,$NT,8,2,($HKU -as $D[9])); F 'RegOpenKeyEx' $reg; $LNK=$reg[4]
function L ($1,$2,$3) {sp 'HKLM:\Software\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}' 'RunAs' $3 -force -ea 0
Expand All @@ -130,7 +121,7 @@ function RunAsTI ($cmd,$arg) { $id='RunAsTI'; $key="Registry::HKU\$(((whoami /us
if ($11bug) {[Windows.Forms.SendKeys]::SendWait($path)}; do {sleep 7} while(Q); L '.Default' $LNK 'Interactive User'
'@; $V='';'cmd','arg','id','key'|%{$V+="`n`$$_='$($(gv $_ -val)-replace"'","''")';"}; sp $key $id $($V,$code) -type 7 -force -ea 0
start powershell -args "-win 1 -nop -c `n$V `$env:R=(gi `$key -ea 0).getvalue(`$id)-join''; iex `$env:R" -verb runas
}; $A=$env:1-split'"([^"]+)"|([^ ]+)',2|%{$_.Trim(' "')}; RunAsTI $A[1] $A[2]; #:RunAsTI lean & mean snippet by AveYo, 2022.01.28
}; $A=$env:1-split'\W',2; RunAsTI $A[0] $A[1]; #:RunAsTI lean & mean snippet by AveYo, 2023.07.06
}
Catch {
Write-Host ""
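Review bot: The new argument split on the last hunk's line `$A=$env:1-split'\W',2; RunAsTI $A[0] $A[1]` does not treat quotes or drive letters specially: with the usage the file itself documents, `call RunAsTI.cmd "%~f0" "%*"`, the first non-word character in `$env:1` is the leading `"`, so `$A[0]` comes back empty and the `if(!$cmd) {$cmd='control';$arg='admintools'}` fallback earlier in the function would launch the admin-tools Control Panel as TrustedInstaller instead of the caller's script — unless the elevation section outside this hunk rewrites the arguments before `:RunAsTI` is reached, which I cannot see here. Even for an unquoted `C:\...` path, `\W` matches the `:` after the drive letter and hands `C` to RunAsTI as the command, so the credits' claim of "quotes support" is not backed by anything visible in this hunk. The removed quote-aware form, `-split'"([^"]+)"|([^ ]+)',2|%{$_.Trim(' "')}` with `$A[1] $A[2]`, handled both cases, so I would either keep that split or at least guard the elevated launch with `if(!$A[0] -or !(Test-Path -LiteralPath $A[0])){Write-Host "RunAsTI: bad command '$($A[0])'"; exit 1}` so a parsing failure never silently runs something else with TrustedInstaller rights. The enclosing Try block and the RunAsTI function both continue outside this hunk.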
