1 #requires -Version 3.0
2
3 Add-Type -AssemblyName System.Web
4
<#
.SYNOPSIS
    Patches the running Device Setup Manager service (DsmSvc) in memory.

.DESCRIPTION
    Requires an elevated, 64-bit PowerShell process. The function:
      1. starts DsmSvc and opens the process that hosts it,
      2. makes that process load DevPropMgr.dll by starting a remote thread at
         kernel32!LoadLibraryW,
      3. overwrites four bytes at a fixed offset from the DevPropMgr.dll base
         (the spot the inline comments label DevPropMgr!_CheckSignature).
    Judging by the function name and inline comments, the intent is to switch off
    the signature check; the code itself only shows the byte overwrite.
    Nothing is written to disk here, only to the memory of the service process.

.NOTES
    NOTE(review): the patch offset is hard-coded for one build ("Windows 8 x64").
    Neither the module version nor the bytes currently at that address are
    checked before writing, so on any other build the write lands at an
    unrelated location inside a service host process.

    NOTE(review): OpenProcess with all access, an RWX VirtualAllocEx,
    WriteProcessMemory and CreateRemoteThread against a service host is the
    sequence endpoint tooling watches for (e.g. Sysmon event IDs 8 and 10);
    expect this script to be flagged.
#>
function Suspend-CertifiedDeviceChecks
{
    # Cleanup actions, run in last-in-first-out order by Invoke-Unwind.
    $_unwind = New-Object Collections.Stack

    # Registers a cleanup script block.
    function Add-ToUnwind()
    {
        param([Parameter(Mandatory = $true)][ScriptBlock]$Code)

        $_unwind.Push($Code)
    }

    # Runs every registered cleanup block (output discarded), then empties the stack.
    function Invoke-Unwind()
    {
        if($_unwind.Count -gt 0) {
            $_unwind | % { $_.Invoke() | Out-Null }
        }

        $_unwind.Clear()
    }

    # True when the current Windows identity is in the built-in Administrators role.
    function Test-Administrator()
    {
        $user = [Security.Principal.WindowsIdentity]::GetCurrent()
        (New-Object Security.Principal.WindowsPrincipal $user).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
    }

    if(!(Test-Administrator)) {
        Write-Error "Elevated permissions are required to run this script."
        return
    }

    # NOTE(review): this tests the bitness of the current process, not of the OS as
    # the message says; a 32-bit PowerShell on 64-bit Windows is rejected too.
    if(![Environment]::Is64BitProcess) {
        Write-Error "Script requires a 64-bit operating system."
        return
    }

    # P/Invoke declarations compiled into a [Win32] type; the enums become nested
    # types, addressed as [Win32+EnumName] below.
    # NOTE(review): none of the DllImport attributes set SetLastError, and the
    # script never reads the Win32 error code after a failed call.
    Add-Type -Name Win32 -Namespace $Null -PassThru -MemberDefinition @"
[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
uint nSize,
IntPtr lpNumberOfBytesWritten);

[Flags]
public enum ProcessAccessFlags
{
// ...
All = 0x001F0FFF
// ...
}

[DllImport("kernel32")]
public static extern IntPtr OpenProcess(
uint dwDesiredAccess,
[MarshalAs(UnmanagedType.Bool)] bool bInheritHandle,
uint dwProcessId);

[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CloseHandle(
IntPtr hObject);

[Flags]
public enum CreationFlags : uint
{
None = 0
}

[DllImport("kernel32")]
public static extern IntPtr CreateRemoteThread(
IntPtr hProcess,
IntPtr lpThreadAttributes,
uint dwStackSize,
IntPtr lpStartAddress,
IntPtr lpParameter,
uint dwCreationFlags,
IntPtr lpThreadId);

[Flags]
public enum AllocationType
{
Commit = 0x1000,
Reserve = 0x2000,
Decommit = 0x4000,
Release = 0x8000,
// ...
}

[Flags]
public enum MemoryProtection
{
// ...
ExecuteReadWrite = 0x40,
ExecuteWriteCopy = 0x80,
// ...
}

[DllImport("kernel32")]
public static extern IntPtr VirtualAllocEx(
IntPtr hProcess,
IntPtr lpAddress,
uint dwSize,
uint flAllocationType,
uint flProtect);

[DllImport("kernel32", EntryPoint="GetModuleHandleW")]
public static extern IntPtr GetModuleHandle(
[MarshalAs(UnmanagedType.LPWStr)] string lpModuleName);

[DllImport("kernel32")]
public static extern IntPtr GetProcAddress(
IntPtr hModule,
[MarshalAs(UnmanagedType.LPStr)] string lpProcName);

[DllImport("kernel32")]
public static extern uint GetLastError();

public enum WaitResult
{
// ...
WaitObject0 = 0x0
// ...
}

[DllImport("kernel32")]
public static extern uint WaitForSingleObject(
IntPtr hHandle, uint dwMilliseconds);

[DllImport("kernel32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool VirtualFreeEx(
IntPtr hProcess,
IntPtr lpAddress,
uint dwSize,
uint dwFreeType);
"@ | Out-Null

    #
    # Find the Device Setup Manager service
    #

    Start-Service DsmSvc

    # PID of the process currently hosting DsmSvc (empty/0 when it is not running).
    $svcpid = Get-WmiObject Win32_Service | ? { $_.Name -eq "DsmSvc" } | Select -ExpandProperty ProcessId

    if(!$svcpid) {
        Write-Error "Failed to latch onto the Device Setup Manager service. Is it disabled?"
        return
    }

    # NOTE(review): requests every access right (0x001F0FFF). The calls below only
    # allocate, write and create a thread, so a narrower mask would follow least
    # privilege and keep a stronger handle than needed out of this session.
    $svchandle = [Win32]::OpenProcess([Win32+ProcessAccessFlags]::All, $false, $svcpid)

    if(!$svchandle) {
        Write-Error "Failed to open svchost process."
        return
    }

    Add-ToUnwind { [Win32]::CloseHandle($svchandle) }

    #
    # Load DevPropMgr.dll (and leave it loaded)
    #

    # UTF-16 bytes of the module name, without a terminator; LoadLibraryW reads
    # this buffer from the remote process as its string argument.
    $dll = [Text.Encoding]::Unicode.GetBytes("DevPropMgr.dll")
    # NOTE(review): the buffer only holds a string, yet it is mapped
    # read/write/execute; a non-executable protection would be sufficient.
    $mem = [Win32]::VirtualAllocEx($svchandle, [IntPtr]::Zero, $dll.Length, ([Win32+AllocationType]::Reserve -bor [Win32+AllocationType]::Commit),
        [Win32+MemoryProtection]::ExecuteReadWrite)

    if(!$mem) {
        Write-Error "Failed to allocate a chunk of memory in svchost."
        Invoke-Unwind
        return
    }

    # NOTE(review): `[Win32]::AllocationType::Release` does not match the
    # `[Win32+AllocationType]` form used for the allocation above; it looks like
    # this will not resolve when the block runs, and since Invoke-Unwind discards
    # output the remote allocation would then silently stay mapped. Verify.
    Add-ToUnwind { [Win32]::VirtualFreeEx($svchandle, $mem, 0, [Win32]::AllocationType::Release) }

    if(![Win32]::WriteProcessMemory($svchandle, $mem, $dll, $dll.Length, [IntPtr]::Zero)) {
        Write-Error "Failed to write to allocated memory in svchost."
        Invoke-Unwind
        return
    }

    # Address is resolved in this process and reused as the remote thread's start
    # address; presumably relies on kernel32 being mapped at the same base in both
    # processes (TODO confirm).
    $loadlibrary = [Win32]::GetProcAddress([Win32]::GetModuleHandle("kernel32"), "LoadLibraryW")

    if(!$loadlibrary) {
        Write-Error "Failed to locate kernel32!LoadLibraryW, is this a supported OS?"
        Invoke-Unwind
        return
    }

    # NOTE(review): the returned thread handle is never passed to CloseHandle.
    $thread = [Win32]::CreateRemoteThread($svchandle, [IntPtr]::Zero, 0, $loadlibrary, $mem, [Win32+CreationFlags]::None, [IntPtr]::Zero)

    if(!$thread) {
        Write-Error "Failed to create remote thread."
        Invoke-Unwind
        return
    }

    # NOTE(review): TimeSpan.Milliseconds is the millisecond *component* (0 for
    # exactly ten seconds), not the total, so the timeout passed here is 0 and the
    # call does not actually wait for the thread. The script then carries on after
    # only a warning, whether or not the module load has completed.
    if([Win32]::WaitForSingleObject($thread, [TimeSpan]::FromSeconds(10).Milliseconds) -ne [Win32+WaitResult]::WaitObject0) {
        Write-Warning "Remote thread terminated unexpectedly, strangeness may follow."
    }

    #
    # Patch DevPropMgr!_CheckSignature
    #

    # Base address of DevPropMgr.dll inside the service process, from its module list.
    $addr = Get-Process -Id $svcpid | Select -ExpandProperty Modules | ? { $_.ModuleName -eq "DevPropMgr.dll" } | Select -ExpandProperty BaseAddress

    if(!$addr) {
        Write-Error "Failed to locate DevPropMgr.dll module in svchost."
        Invoke-Unwind
        return
    }

    # Shelved patch for Windows RT
    # $patchbytes = [Byte[]](0x00, 0x25) # armasm: movs r5, #0
    # [Win32]::WriteProcessMemory($svchandle, [IntPtr]::Add($addr, 0xEABC), $patchbytes, $patchbytes.Length, [IntPtr]::Zero)

    # Patch for Windows 8 x64
    # NOTE(review): four bytes are written at base + 0x1466B with no check of the
    # DLL version or of what is currently at that address.
    $patchbytes = [Byte[]](0x33, 0xDB, 0x85, 0xDB) # x86-64 asm: xor ebx,ebx | test ebx, ebx
    if(![Win32]::WriteProcessMemory($svchandle, [IntPtr]::Add($addr, 0x1466B), $patchbytes, $patchbytes.Length, [IntPtr]::Zero)) {
        Write-Error "Failed to fiddle with svchost memory."
        Invoke-Unwind
        return
    }

    #
    # Cleanup
    #

    # Runs the registered cleanup blocks (free the remote buffer, close the
    # process handle); the patched bytes themselves are left in place.
    Invoke-Unwind
    Write-Host "OK."
}
240
# Lists the Name and HardwareID of every PnP device whose CompatibleID values
# match "*MediaRenderer*" or "*\MS_*DMR*".
function Get-MediaRenderers()
{
    # -Like against the CompatibleID array yields the matching entries, so each
    # side is truthy when at least one compatible ID matches.
    $looksLikeRenderer = {
        ($_.CompatibleID -Like "*MediaRenderer*") -or ($_.CompatibleID -Like "*\MS_*DMR*")
    }

    Get-WmiObject Win32_PnPEntity |
        Where-Object $looksLikeRenderer |
        Select-Object Name, HardwareID
}
245
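<#
.SYNOPSIS
    Builds a .devicemetadata-ms package for a PnP device from the files in .\template.

.DESCRIPTION
    Looks up the device by hardware ID, copies .\template (relative to the current
    directory) into a scratch folder named after a fresh experience ID, fills the
    placeholders in PackageInfo.xml and DeviceInfo\DeviceInfo.xml, packs the folder
    with New-Cab and moves the cabinet to .\<experience id>.devicemetadata-ms.

.PARAMETER DeviceId
    Hardware ID that must appear in the device's HardwareID list.

.PARAMETER Install
    Also copy the package into
    %ProgramData%\Microsoft\Windows\DeviceMetadataStore\en-US.

.NOTES
    Name and Manufacturer are read from Win32_PnPEntity, i.e. they are reported by
    the device or its driver. They are treated as untrusted text and XML-encoded
    before being written into the package, as the hardware ID already was.
#>
function New-DeviceMetadata()
{

    param(
        [Parameter(ValueFromPipeline = $true, Mandatory = $true)]
        [String]$DeviceId,

        [Switch]$Install
    )

    # Replaces $Token in $Text with $Value taken literally: the token is regex-escaped
    # and '$' in the value is doubled so -replace does not read it as a group reference.
    function Expand-Placeholder([String]$Text, [String]$Token, [String]$Value)
    {
        $Text -replace [Regex]::Escape($Token), $Value.Replace('$', '$$')
    }

    # Encodes text for use inside XML content or attribute values.
    function ConvertTo-XmlText([String]$Value)
    {
        [System.Web.HttpUtility]::HtmlEncode($Value)
    }

    # -First 1: several PnP entities can share a hardware ID; use one consistently
    # instead of letting the properties below turn into arrays.
    $device = Get-WmiObject Win32_PnPEntity |
        ? { $_.HardwareID -Contains $DeviceId } |
        Select Name, Manufacturer, HardwareID -First 1

    if(!$device)
    {
        Write-Error "Failed to locate device with specified hardware ID. Is the device on?"
        return
    }

    # Experience ID: the first 23 characters of a new GUID plus a fixed last group.
    $scratch = "$(([Guid]::NewGuid() | Select -exp Guid).Remove(23))-00000ca710af"

    New-Item $scratch -ItemType Directory | Out-Null

    try {
        Copy-Item .\template\* $scratch -Recurse -Force

        $hwid = ConvertTo-XmlText "DOID:$($device.HardwareID[0])"
        $lastModified = [DateTime]::UtcNow.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'")
        $pkginfo = "$scratch\PackageInfo.xml"

        (Get-Content $pkginfo | ForEach {
            $buffer = Expand-Placeholder $_ "{hwid}" $hwid
            $buffer = Expand-Placeholder $buffer "{lastmodified}" $lastModified
            Expand-Placeholder $buffer "{experienceid}" $scratch }) | Out-File $pkginfo -Encoding utf8

        $model = ConvertTo-XmlText $device.Name
        $manufacturer = ConvertTo-XmlText $device.Manufacturer
        $devinfo = "$scratch\DeviceInfo\DeviceInfo.xml"

        (Get-Content $devinfo | ForEach {
            $buffer = Expand-Placeholder $_ "{model}" $model
            Expand-Placeholder $buffer "{manufacturer}" $manufacturer }) | Out-File $devinfo -Encoding utf8

        Get-Item -Path $scratch | New-Cab | Move-Item -Destination ".\$scratch.devicemetadata-ms"

        if($Install) {
            Copy-Item "$scratch.devicemetadata-ms" "$env:ProgramData\Microsoft\Windows\DeviceMetadataStore\en-US" -Force
        }
    }
    finally {
        # Remove the scratch folder even when a step above throws.
        Remove-Item $scratch -Force -Recurse
    }

    Write-Host "OK."
}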
292
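<#
.SYNOPSIS
    Packs every file under a directory into a cabinet in %TEMP% using MakeCab.

.PARAMETER Directory
    Directory whose files (all subdirectories included) go into the cabinet;
    paths inside the cabinet are relative to this directory.

.PARAMETER Algorithm
    Compression type written into the directive file. Restricted to MSZIP or LZX
    by ValidateSet, so no other text can reach the .Set line.

.OUTPUTS
    IO.FileInfo for the new cabinet, or nothing (after Write-Error) when MakeCab
    fails or produces no file.
#>
function New-Cab()
{
    param(
        [Parameter(ValueFromPipeline=$True, Mandatory=$True)]
        [IO.DirectoryInfo]$Directory,

        [ValidateSet("MSZIP", "LZX")]
        [String]$Algorithm = "MSZIP"
    )

    $uri = New-Object Uri ("$($Directory.FullName)\", [UriKind]::Absolute)
    $files = $Directory.GetFiles("*.*", [IO.SearchOption]::AllDirectories) | % {

        # Each file entry must appear as so: <outside cab path> <inside cab path>
        # MakeRelativeUri returns a percent-escaped path; unescape it so names with
        # spaces or other escaped characters keep their real name inside the cabinet.
        $relative = [Uri]::UnescapeDataString($uri.MakeRelativeUri($_.FullName).OriginalString)
        $entry = $relative -replace "/", "\"
        "`"$($_.FullName)`" `"$entry`"`n"
    }

    $guid = "$([Guid]::NewGuid() | Select -exp Guid)"
    $ddf = "$env:Temp\$guid.ddf"
    $cab = "$env:Temp\$guid.cab"

    # Directive file for MakeCab. The report and .inf outputs are pointed at
    # alternate data streams of the directive file, so they go away with it.
    "
.Set CabinetNameTemplate=`"$guid.cab`"
.Set DiskDirectoryTemplate=`"$env:Temp`"
.Set RptFileName=`"$ddf`:rpt`"
.Set InfFileName=`"$ddf`:inf`"
.Set CompressionType=$Algorithm
$files
" | New-Item -ItemType File $ddf | Out-Null

    try {
        MakeCab /F "$ddf" | Out-Null
        $exitCode = $LASTEXITCODE
    }
    finally {
        # Always remove the directive file, even if MakeCab could not be started.
        Remove-Item $ddf -Force | Out-Null
    }

    # Do not hand back a FileInfo for a cabinet that was never written.
    if(($exitCode -ne 0) -or !(Test-Path -LiteralPath $cab)) {
        Write-Error "MakeCab failed (exit code $exitCode); no cabinet was created."
        return
    }

    New-Object IO.FileInfo $cab
}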