From aec0b7b81de8edd5f1b0cd90f4f0501b554de2d9 Mon Sep 17 00:00:00 2001 From: Styris Date: Wed, 25 Oct 2023 00:05:34 -0700 Subject: [PATCH] Update to v0.7.4 --- .../Actions/CmdAction.cs | 7 ++-- .../Actions/PowershellAction.cs | 13 +++++--- .../Actions/RunAction.cs | 7 ++-- .../Actions/ServiceAction.cs | 14 +++++--- TrustedUninstaller.Shared/Globals.cs | 4 +-- TrustedUninstaller.Shared/ProcessPrivilege.cs | 5 ++- TrustedUninstaller.Shared/Win32.cs | 24 +++++++++++++- TrustedUninstaller.Shared/WinUtil.cs | 33 +++++++++++-------- 8 files changed, 75 insertions(+), 32 deletions(-) diff --git a/TrustedUninstaller.Shared/Actions/CmdAction.cs b/TrustedUninstaller.Shared/Actions/CmdAction.cs index 739190a..34cd7f7 100644 --- a/TrustedUninstaller.Shared/Actions/CmdAction.cs +++ b/TrustedUninstaller.Shared/Actions/CmdAction.cs @@ -18,7 +18,10 @@ namespace TrustedUninstaller.Shared.Actions if (InProgress) throw new TaskInProgressException("Another Cmd action was called while one was in progress."); InProgress = true; - Console.WriteLine($"Running cmd command '{Command}'..."); + var privilegeText = RunAs == Privilege.CurrentUser ? " as the current user" : RunAs == Privilege.CurrentUserElevated ? " as the current user elevated" : RunAs == Privilege.System ? + " as the system account" : ""; + + Console.WriteLine($"Running cmd command '{Command}'{privilegeText}..."); ExitCode = null; @@ -189,7 +192,7 @@ namespace TrustedUninstaller.Shared.Actions { WindowStyle = ProcessWindowStyle.Normal, FileName = "cmd.exe", - Arguments = "/C " + $"\"{Environment.ExpandEnvironmentVariables(this.Command)}\"", + Arguments = "/C " + $"{this.Command}", UseShellExecute = false, RedirectStandardError = true, RedirectStandardOutput = true, diff --git a/TrustedUninstaller.Shared/Actions/PowershellAction.cs b/TrustedUninstaller.Shared/Actions/PowershellAction.cs index 3c47f0f..3241d95 100644 --- a/TrustedUninstaller.Shared/Actions/PowershellAction.cs 
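Review bot: The nested ternary that builds `privilegeText` in the first CmdAction.cs hunk is repeated verbatim in the PowershellAction.cs and RunAction.cs hunks of this commit, so the three "ran as" log messages can drift apart. A single shared helper that maps a `Privilege` value to its log suffix, called from all three actions, would keep them in step. Any `Privilege` value other than the three tested falls through to `""` and is logged with no account at all. If the enum has further members, a comment on the fallback, e.g. `// other Privilege values are logged without a suffix`, would make that explicit.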
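Review bot: In the second CmdAction.cs hunk, dropping the outer quotes from `Arguments` changes how cmd.exe parses the text after `/C`. When that text begins with a quote and is not just one quoted executable path, cmd.exe strips the first and the last quote character, so a `Command` made of a quoted path followed by quoted arguments no longer runs as written. The caller also no longer expands environment variables, so `%VAR%` references are resolved by cmd.exe in the child's environment, which may differ from the caller's if this path is used with another `RunAs` account. If only the early expansion was the problem, keeping the wrapper is safer: `Arguments = "/C " + $"\"{this.Command}\"",`. The object initializer starts and ends outside the hunk.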
+++ b/TrustedUninstaller.Shared/Actions/PowershellAction.cs @@ -19,7 +19,10 @@ namespace TrustedUninstaller.Shared.Actions if (InProgress) throw new TaskInProgressException("Another Powershell action was called while one was in progress."); InProgress = true; - Console.WriteLine($"Running PowerShell command '{Command}'..."); + var privilegeText = RunAs == Privilege.CurrentUser ? " as the current user" : RunAs == Privilege.CurrentUserElevated ? " as the current user elevated" : RunAs == Privilege.System ? + " as the system account" : ""; + + Console.WriteLine($"Running PowerShel command '{Command}'{privilegeText}..."); WinUtil.CheckKph(); @@ -153,7 +156,7 @@ namespace TrustedUninstaller.Shared.Actions if (exitCode != 0) { Console.WriteLine($"PowerShell instance exited with error code: {exitCode}"); - if (!String.IsNullOrEmpty(StandardError)) Console.WriteLine($"Error message: {StandardError}"); + if (!String.IsNullOrWhiteSpace(StandardError)) Console.WriteLine($"Error message: {StandardError}"); ErrorLogger.WriteToErrorLog("PowerShell exited with a non-zero exit code: " + exitCode, null, "PowerShellAction Error", Command); @@ -161,7 +164,7 @@ namespace TrustedUninstaller.Shared.Actions } else { - if (!String.IsNullOrEmpty(StandardError)) Console.WriteLine($"Error output: {StandardError}"); + if (!String.IsNullOrWhiteSpace(StandardError)) Console.WriteLine($"Error output: {StandardError}"); ExitCode = 0; } @@ -242,7 +245,7 @@ namespace TrustedUninstaller.Shared.Actions if (process.ExitCode != 0) { Console.WriteLine($"PowerShell instance exited with error code: {process.ExitCode}"); - if (!String.IsNullOrEmpty(StandardError)) Console.WriteLine($"Error message: {StandardError}"); + if (!String.IsNullOrWhiteSpace(StandardError)) Console.WriteLine($"Error message: {StandardError}"); ErrorLogger.WriteToErrorLog("PowerShell exited with a non-zero exit code: " + process.ExitCode, null, "PowerShellAction Error", Command); 
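Review bot: The rewritten log line in the first PowershellAction.cs hunk misspells the product name: the new string reads `Running PowerShel command`, where the removed line had `PowerShell`. Anything that searches or filters this console output for the old text will miss these entries. The line should read `Console.WriteLine($"Running PowerShell command '{Command}'{privilegeText}...");`.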
@@ -250,7 +253,7 @@ namespace TrustedUninstaller.Shared.Actions } else { - if (!String.IsNullOrEmpty(StandardError)) Console.WriteLine($"Error output: {StandardError}"); + if (!String.IsNullOrWhiteSpace(StandardError)) Console.WriteLine($"Error output: {StandardError}"); ExitCode = 0; } diff --git a/TrustedUninstaller.Shared/Actions/RunAction.cs b/TrustedUninstaller.Shared/Actions/RunAction.cs index 6744e55..2f9019a 100644 --- a/TrustedUninstaller.Shared/Actions/RunAction.cs +++ b/TrustedUninstaller.Shared/Actions/RunAction.cs @@ -25,8 +25,11 @@ namespace TrustedUninstaller.Shared.Actions if (RawPath != null) RawPath = Environment.ExpandEnvironmentVariables(RawPath); InProgress = true; - if (Arguments == null) Console.WriteLine($"Running '{Exe}'..."); - else Console.WriteLine($"Running '{Exe}' with arguments '{Arguments}'..."); + var privilegeText = RunAs == Privilege.CurrentUser ? " as the current user" : RunAs == Privilege.CurrentUserElevated ? " as the current user elevated" : RunAs == Privilege.System ? + " as the system account" : ""; + + if (Arguments == null) Console.WriteLine($"Running '{Exe + privilegeText}'..."); + else Console.WriteLine($"Running '{Exe}' with arguments '{Arguments + privilegeText}'..."); WinUtil.CheckKph(); diff --git a/TrustedUninstaller.Shared/Actions/ServiceAction.cs b/TrustedUninstaller.Shared/Actions/ServiceAction.cs index a9d5105..a9450ba 100644 --- a/TrustedUninstaller.Shared/Actions/ServiceAction.cs +++ b/TrustedUninstaller.Shared/Actions/ServiceAction.cs 
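Review bot: In the RunAction.cs hunk the privilege suffix is concatenated inside the quoted placeholder, so the output reads like `Running 'tool.exe as the system account'...` (constructed example), and in the second branch the suffix lands inside the quoted argument string. The logged executable and arguments then differ from what was launched, which matters when the log is used to audit what ran under which account. Moving the suffix outside the quotes fixes both lines: `Console.WriteLine($"Running '{Exe}'{privilegeText}...");` and `Console.WriteLine($"Running '{Exe}' with arguments '{Arguments}'{privilegeText}...");`.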
@@ -316,18 +316,24 @@ namespace TrustedUninstaller.Shared.Actions if (AmeliorationUtil.UseKernelDriver) cmdAction.RunTaskOnMainThread(); } - } - else + } else if (Operation == ServiceOperation.Start) { try { - service.Stop(); + service.Start(); } catch (Exception e) { - ErrorLogger.WriteToErrorLog("Service stop failed: " + e.Message, e.StackTrace, "ServiceAction Warning", ServiceName); + ErrorLogger.WriteToErrorLog("Service start failed: " + e.Message, e.StackTrace, "ServiceAction Warning", ServiceName); } + cmdAction.Command = Environment.Is64BitOperatingSystem ? + $"ProcessHacker\\x64\\ProcessHacker.exe -s -elevate -c -ctype service -cobject {service.ServiceName} -caction start" : + $"ProcessHacker\\x86\\ProcessHacker.exe -s -elevate -c -ctype service -cobject {service.ServiceName} -caction start"; + if (AmeliorationUtil.UseKernelDriver) cmdAction.RunTaskOnMainThread(); + } + else + { cmdAction.Command = Environment.Is64BitOperatingSystem ? $"ProcessHacker\\x64\\ProcessHacker.exe -s -elevate -c -ctype service -cobject {service.ServiceName} -caction {Operation.ToString().ToLower()}" : $"ProcessHacker\\x86\\ProcessHacker.exe -s -elevate -c -ctype service -cobject {service.ServiceName} -caction {Operation.ToString().ToLower()}"; diff --git a/TrustedUninstaller.Shared/Globals.cs b/TrustedUninstaller.Shared/Globals.cs index fc98d44..716565d 100644 --- a/TrustedUninstaller.Shared/Globals.cs +++ b/TrustedUninstaller.Shared/Globals.cs @@ -9,8 +9,8 @@ namespace TrustedUninstaller.Shared { public class Globals { - public const string CurrentVersion = "0.7.3"; - public const double CurrentVersionNumber = 0.73; + public const string CurrentVersion = "0.7.4"; + public const double CurrentVersionNumber = 0.74; public static readonly int WinVer = Int32.Parse(Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion").GetValue("CurrentBuildNumber").ToString()); 
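Review bot: The new `Start` branch in ServiceAction.cs interpolates `{service.ServiceName}` unquoted into a command string which, judging by the CmdAction.cs hunk, is handed to cmd.exe. A service name containing a space or a shell metacharacter would be split or reinterpreted by the shell, and the unchanged `else` branch below has the same pattern. Quoting the operand would contain it: `-cobject \"{service.ServiceName}\" -caction start`. Separately, the ProcessHacker fallback runs whenever `UseKernelDriver` is set, even after `service.Start()` succeeded; if that is deliberate, a one-line comment saying so would help. The enclosing method starts and ends outside the hunk.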
diff --git a/TrustedUninstaller.Shared/ProcessPrivilege.cs b/TrustedUninstaller.Shared/ProcessPrivilege.cs index 6a75791..eba6493 100644 --- a/TrustedUninstaller.Shared/ProcessPrivilege.cs +++ b/TrustedUninstaller.Shared/ProcessPrivilege.cs @@ -157,8 +157,7 @@ namespace TrustedUninstaller.Shared if (lsassToken.DangerousGetHandle() == IntPtr.Zero) { - - var processHandle = Process.GetProcessesByName("lsass").First().Handle; + var processHandle = Win32.Process.OpenProcess(Win32.Process.ProcessAccessFlags.QueryLimitedInformation, false, Process.GetProcessesByName("lsass").First().Id); if (!Win32.Tokens.OpenProcessToken(processHandle, Win32.Tokens.TokenAccessFlags.TOKEN_DUPLICATE | Win32.Tokens.TokenAccessFlags.TOKEN_ASSIGN_PRIMARY | @@ -383,7 +382,7 @@ namespace TrustedUninstaller.Shared try { - var processHandle = Process.GetProcessesByName("winlogon").First().Handle; + var processHandle = Win32.Process.OpenProcess(Win32.Process.ProcessAccessFlags.QueryLimitedInformation, false, Process.GetProcessesByName("winlogon").First().Id); if (!Win32.Tokens.OpenProcessToken(processHandle, Win32.Tokens.TokenAccessFlags.TOKEN_DUPLICATE | Win32.Tokens.TokenAccessFlags.TOKEN_ASSIGN_PRIMARY | Win32.Tokens.TokenAccessFlags.TOKEN_QUERY | Win32.Tokens.TokenAccessFlags.TOKEN_IMPERSONATE, diff --git a/TrustedUninstaller.Shared/Win32.cs b/TrustedUninstaller.Shared/Win32.cs index 7dbc1ab..bfc7be0 100644 --- a/TrustedUninstaller.Shared/Win32.cs +++ b/TrustedUninstaller.Shared/Win32.cs 
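Review bot: The handle returned by `Win32.Process.OpenProcess` in the lsass hunk of ProcessPrivilege.cs, and again in the winlogon hunk below it, is used without a check for `IntPtr.Zero`, and no matching close is visible in either hunk. A failed open would surface only as a less specific `OpenProcessToken` failure. Each successful call may also leak a process handle, whereas the replaced `Process.Handle` was owned by the `Process` object. I would add `if (processHandle == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());` right after the call and release the handle in a `finally` once the token has been opened. Both methods continue outside the hunks, so a close further down cannot be ruled out from here.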
@@ -904,7 +904,29 @@ namespace TrustedUninstaller.Shared string lpApplicationName, string lpCommandLine, ProcessCreationFlags dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); - + + [DllImport("kernel32.dll", SetLastError = true)] + internal static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, + bool bInheritHandle, int dwProcessId); + + [Flags] + internal enum ProcessAccessFlags : uint + { + All = 0x001F0FFF, + Terminate = 0x00000001, + CreateThread = 0x00000002, + VirtualMemoryOperation = 0x00000008, + VirtualMemoryRead = 0x00000010, + VirtualMemoryWrite = 0x00000020, + DuplicateHandle = 0x00000040, + CreateProcess = 0x000000080, + SetQuota = 0x00000100, + SetInformation = 0x00000200, + QueryInformation = 0x00000400, + QueryLimitedInformation = 0x00001000, + Synchronize = 0x00100000 + } + public enum LogonFlags { WithProfile = 1, diff --git a/TrustedUninstaller.Shared/WinUtil.cs b/TrustedUninstaller.Shared/WinUtil.cs index 162448a..40ee645 100644 --- a/TrustedUninstaller.Shared/WinUtil.cs +++ b/TrustedUninstaller.Shared/WinUtil.cs 
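Review bot: In the new `ProcessAccessFlags` enum in Win32.cs, `All = 0x001F0FFF` does not include the `QueryLimitedInformation` bit (`0x00001000`) declared a few lines below it, so `All` is not a superset of the other members as its name suggests. `CreateProcess = 0x000000080` also carries one hex digit too many, although the value is still 0x80. I would write `CreateProcess = 0x00000080,` and add a comment on `All` such as `// older all-access mask, excludes QueryLimitedInformation; prefer the narrowest right that works`. The new `OpenProcess` declaration and the enum have no doc comments; a short summary on each stating that the caller owns and must close the returned handle would help the call sites.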
@@ -649,20 +649,27 @@ namespace TrustedUninstaller.Shared } } - public static async void CheckKph() + public static void CheckKph() { - if (!AmeliorationUtil.UseKernelDriver || new RegistryKeyAction() { KeyName = @"HKLM\SYSTEM\CurrentControlSet\Services\KProcessHacker2", Operation = RegistryKeyOperation.Add }.GetStatus() == UninstallTaskStatus.Completed) - return; + try + { + if (!AmeliorationUtil.UseKernelDriver || new RegistryKeyAction() { KeyName = @"HKLM\SYSTEM\CurrentControlSet\Services\KProcessHacker2", Operation = RegistryKeyOperation.Add }.GetStatus() == UninstallTaskStatus.Completed) + return; - Console.WriteLine(Environment.NewLine + "Installing driver..."); - var cmdAction = new CmdAction(); - cmdAction.Command = Environment.Is64BitOperatingSystem - ? $"ProcessHacker\\x64\\ProcessHacker.exe -s -installkph" - : $"ProcessHacker\\x86\\ProcessHacker.exe -s -installkph"; - cmdAction.RunTaskOnMainThread(); + Console.WriteLine(Environment.NewLine + "Installing driver..."); + var cmdAction = new CmdAction(); + cmdAction.Command = Environment.Is64BitOperatingSystem + ? $"ProcessHacker\\x64\\ProcessHacker.exe -s -installkph" + : $"ProcessHacker\\x86\\ProcessHacker.exe -s -installkph"; + cmdAction.RunTaskOnMainThread(); - await AmeliorationUtil.SafeRunAction(new RegistryValueAction() - { KeyName = @"HKLM\SYSTEM\CurrentControlSet\Services\KProcessHacker2", Value = "DeleteFlag", Type = RegistryValueType.REG_DWORD, Data = 1 }); + AmeliorationUtil.SafeRunAction(new RegistryValueAction() + { KeyName = @"HKLM\SYSTEM\CurrentControlSet\Services\KProcessHacker2", Value = "DeleteFlag", Type = RegistryValueType.REG_DWORD, Data = 1 }).Wait(); + } + catch (Exception e) + { + ErrorLogger.WriteToErrorLog("Error checking kernel driver: " + e.Message, e.StackTrace, "Warning"); + } } private const int GWL_STYLE = -16; 
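Review bot: In the `CheckKph` hunk of WinUtil.cs, blocking with `.Wait()` means an exception from `SafeRunAction` reaches the new `catch` wrapped in an `AggregateException`. The logged `e.Message` and `e.StackTrace` may then describe the wrapper rather than the cause. `.GetAwaiter().GetResult()` rethrows the original exception, so the call would end `Data = 1 }).GetAwaiter().GetResult();`. The catch also turns a failed driver install into a logged warning, while the action classes continue straight after `WinUtil.CheckKph();`. If the driver is meant to be optional, a comment stating that would make the swallow clearly intentional.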
@@ -782,7 +789,7 @@ namespace TrustedUninstaller.Shared private static bool HivesHooked; private static int HivesLoaded; - public static async void HookUserHives() + public static void HookUserHives() { try { @@ -855,7 +862,7 @@ namespace TrustedUninstaller.Shared } } - public static async void UnhookUserHives() + public static void UnhookUserHives() { try {