Compare commits
6 Commits
fae0863f7e
...
7fb6657378
Author | SHA1 | Date |
---|---|---|
Fierelier | 7fb6657378 | |
Fierelier | 689c562dfb | |
Fierelier | 693bf97255 | |
Fierelier | 4077ba1bf3 | |
Fierelier | 525b8d46e5 | |
Fierelier | 9bb5f8b1af |
|
@ -1,2 +1,4 @@
|
|||
__pycache__/
|
||||
hmods-*/
|
||||
hmods-*/
|
||||
path/
|
||||
tmp/
|
|
@ -1,17 +1,20 @@
|
|||
@echo off
|
||||
setlocal enabledelayedexpansion
|
||||
setlocal
|
||||
cd /d "%~dp0"
|
||||
set path=%cd%\path;%path%
|
||||
|
||||
REM Location to your py.exe/python.exe - If the Python launcher is installed (fairly likely), py should suffice.
|
||||
REM If Python does not launch, set this to the full path if your python.exe, like so:
|
||||
REM set pyexe=C:\Program Files\Python38\python.exe
|
||||
set pyexe=py
|
||||
|
||||
echo WARNING! This will apply opus-nt to your currently running OS.
|
||||
echo On Windows 10, make sure to disable tamper protection.
|
||||
pause
|
||||
advancedrun /exefilename "cmd.exe" /commandline '/c "set path=%path% & call "%pyexe%" run.py online"' /startdirectory "%cd%" /runas 4 /waitprocess 1 /run
|
||||
advancedrun /exefilename "cmd.exe" /commandline '/c "set path=%path% & call "%pyexe%" run.py online modpath=mods-trustedInstaller"' /startdirectory "%cd%" /runas 8 /waitprocess 1 /run
|
||||
advancedrun /exefilename "cmd.exe" /commandline '/c "set path=%path% & call "%pyexe%" run.py online modpath=mods-online"' /startdirectory "%cd%" /runas 4 /waitprocess 1 /run
|
||||
call "%pyexe%" run.py online
|
||||
if not "%errorlevel%" == "0" goto error
|
||||
call "%pyexe%" run.py online modpath=mods-trustedInstaller
|
||||
if not "%errorlevel%" == "0" goto error
|
||||
call "%pyexe%" run.py online modpath=mods-online
|
||||
if not "%errorlevel%" == "0" goto error
|
||||
goto exit
|
||||
|
||||
:error
|
||||
echo An error occured.
|
||||
goto exit
|
||||
|
||||
:exit
|
||||
pause
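Review bot: `%pyexe%` is used by the three `call "%pyexe%" run.py online ...` lines, but nothing visible in this section's new side sets it, so the script appears to depend on being started from a shell that already defines `pyexe` (presumably the new TrustedInstaller shell). Started directly, the call fails and the user only sees "An error occured." A guard near the top such as `if not defined pyexe (echo Start this script from ti-shell.bat & goto error)` would make the dependency explicit; the `-0,0 +1,29` script that follows has the same gap. A `REM` line should also state that all three mod passes now run with the caller's token, whereas the `advancedrun` lines in this section (which look like the replaced side) chose `/runas 4` or `/runas 8` per pass.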
|
|
@ -0,0 +1,29 @@
|
|||
@echo off
|
||||
setlocal enabledelayedexpansion
|
||||
cd /d "%~dp0"
|
||||
REM Ask for wim file, if not set
|
||||
set "wim=%~2"
|
||||
if "%wim%" == "" (
|
||||
set /p "wim=.wim: "
|
||||
set wim=!wim:"=!
|
||||
)
|
||||
|
||||
REM Ask for wim index, if not set
|
||||
set "index=%~3"
|
||||
if "%index%" == "" (
|
||||
set /p "index=Index (* for all): "
|
||||
set index=!index:"=!
|
||||
)
|
||||
|
||||
call "%pyexe%" run.py wim="%wim%" index=%index%
|
||||
if not "%errorlevel%" == "0" goto error
|
||||
call "%pyexe%" run.py wim="%wim%" index=%index% modpath=mods-trustedInstaller
|
||||
if not "%errorlevel%" == "0" goto error
|
||||
goto exit
|
||||
|
||||
:error
|
||||
echo An error occured.
|
||||
goto exit
|
||||
|
||||
:exit
|
||||
pause
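Review bot: `index=%index%` is passed unquoted on both `call "%pyexe%" run.py ...` lines, and a value typed at `set /p` only has its double quotes stripped, so input containing `&`, `|` or a space is re-parsed by cmd instead of reaching run.py as one argument. Quoting the whole pair, `call "%pyexe%" run.py "wim=%wim%" "index=%index%"`, keeps it a single argument (confirm run.py still sees `index=...`), and rejecting anything other than digits or `*` before the call would be stricter. `enabledelayedexpansion` is on for the whole script, so a `.wim` path containing `!` will be altered. A `REM` explaining why the arguments are read from `%~2` and `%~3` would help, since the reason is not visible in this file.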
|
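--- a/run.bat
+++ b/run.bat
@@ -1,28 +0,0 @@
-@echo off
-setlocal enabledelayedexpansion
-cd /d "%~dp0"
-set path=%cd%\path;%path%
-
-REM Location to your py.exe/python.exe - If the Python launcher is installed (fairly likely), py should suffice.
-REM If Python does not launch, set this to the full path if your python.exe, like so:
-REM set pyexe=C:\Program Files\Python38\python.exe
-set pyexe=py
-
-REM Ask for wim file, if not set
-set wim=%~1
-if "%wim%" == "" (
-set /p "wim=.wim: "
-set wim=!wim:"=!
-)
-
-REM Ask for wim index, if not set
-set index=%~2
-if "%index%" == "" (
-set /p "index=Index (* for all): "
-set index=!index:"=!
-)
-
-set pyexe=%pyexe:"=%
-advancedrun /exefilename "cmd.exe" /commandline '/c "set path=%path% & call "%pyexe%" run.py wim="%wim%" index=%index%"' /startdirectory "%cd%" /runas 4 /waitprocess 1 /run
-advancedrun /exefilename "cmd.exe" /commandline '/c "set path=%path% & call "%pyexe%" run.py wim="%wim%" index=%index% modpath=mods-trustedInstaller"' /startdirectory "%cd%" /runas 8 /waitprocess 1 /run
-pause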
5
run.py
5
run.py
|
@ -173,9 +173,12 @@ def main():
|
|||
for root,dirs,files in os.walk(userPath):
|
||||
for file in dirs:
|
||||
ffile = p(userPath,file)
|
||||
tfile = ffile.replace(opusnt.tmpPath + os.path.sep,"",1)
|
||||
if opusnt.target["type"] == "online":
|
||||
tfile = tfile.replace(opusnt.target["path"] + os.path.sep,"",1)
|
||||
user = ffile.replace(userPath + os.path.sep,"",1)
|
||||
if os.path.isfile(p(ffile,"ntuser.dat")):
|
||||
regs["user-" +user] = p(ffile,"ntuser.dat")
|
||||
regs["user-" +user] = p(tfile,"ntuser.dat")
|
||||
break
|
||||
|
||||
printStatus("mounting registry hives...")
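Review bot: `tfile` is built with `str.replace(prefix, "", 1)`, which removes the first occurrence of the prefix anywhere in `ffile`, compares case-sensitively, and silently leaves the path unchanged when the prefix is absent. On Windows paths that can leave `regs["user-" +user]` pointing somewhere unexpected, and the following `printStatus("mounting registry hives...")` suggests these paths are then loaded as hives. An explicit prefix test, e.g. `if ffile.startswith(prefix): tfile = ffile[len(prefix):]` with an error raised otherwise, would make the assumption visible. The existence test still uses `p(ffile,"ntuser.dat")` while the stored value uses `tfile`; if that is intended, a comment such as `# check the staged path, store the path as seen from the target` would say so. main() begins and continues outside this hunk.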
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
@echo off
|
||||
setlocal
|
||||
cd /d "%~dp0"
|
||||
title TrustedInstaller Shell
|
||||
|
||||
REM SETTINGS
|
||||
REM
|
||||
REM Location to your py.exe/python.exe - If the Python launcher is installed (fairly likely), py should suffice.
|
||||
REM If Python does not launch, set this to the full path if your python.exe, like so:
|
||||
REM set pyexe=C:\Program Files\Python38\python.exe
|
||||
set "pyexe=py"
|
||||
REM
|
||||
REM SETTINGS END
|
||||
|
||||
if not "%~1" == "-ti-run" (
|
||||
call :RunAsTI cmd "/k cd "%cd%" & call ti-shell.bat -ti-run %* -ti-dummy"
|
||||
exit /b
|
||||
)
|
||||
|
||||
endlocal & set "pyexe=%pyexe%"
|
||||
set "pyexe=%pyexe:"=%"
|
||||
set "path=%cd%\path;%path%"
|
||||
set "cmd=%*"
|
||||
set "cmd=%cmd:-ti-run =%"
|
||||
set "cmd=%cmd:-ti-run=%"
|
||||
set "cmd=%cmd: -ti-dummy=%"
|
||||
%cmd%
|
||||
|
||||
:exit
|
||||
exit /b
|
||||
|
||||
:RunAsTI
|
||||
#:RunAsTI snippet to run as TI/System, with innovative HKCU load, ownership privileges, high priority, and explorer support
|
||||
set ^ #=& set "0=%~f0"& set 1=%*& powershell -c iex(([io.file]::ReadAllText($env:0)-split'#\:RunAsTI .*')[1])& exit /b
|
||||
function RunAsTI ($cmd,$arg) { $id='RunAsTI'; $key="Registry::HKU\$(((whoami /user)-split' ')[-1])\Volatile Environment"; $code=@'
|
||||
$I=[int32]; $M=$I.module.gettype("System.Runtime.Interop`Services.Mar`shal"); $P=$I.module.gettype("System.Int`Ptr"); $S=[string]
|
||||
$D=@(); $T=@(); $DM=[AppDomain]::CurrentDomain."DefineDynami`cAssembly"(1,1)."DefineDynami`cModule"(1); $Z=[uintptr]::size
|
||||
0..5|% {$D += $DM."Defin`eType"("AveYo_$_",1179913,[ValueType])}; $D += [uintptr]; 4..6|% {$D += $D[$_]."MakeByR`efType"()}
|
||||
$F='kernel','advapi','advapi', ($S,$S,$I,$I,$I,$I,$I,$S,$D[7],$D[8]), ([uintptr],$S,$I,$I,$D[9]),([uintptr],$S,$I,$I,[byte[]],$I)
|
||||
0..2|% {$9=$D[0]."DefinePInvok`eMethod"(('CreateProcess','RegOpenKeyEx','RegSetValueEx')[$_],$F[$_]+'32',8214,1,$S,$F[$_+3],1,4)}
|
||||
$DF=($P,$I,$P),($I,$I,$I,$I,$P,$D[1]),($I,$S,$S,$S,$I,$I,$I,$I,$I,$I,$I,$I,[int16],[int16],$P,$P,$P,$P),($D[3],$P),($P,$P,$I,$I)
|
||||
1..5|% {$k=$_; $n=1; $DF[$_-1]|% {$9=$D[$k]."Defin`eField"('f' + $n++, $_, 6)}}; 0..5|% {$T += $D[$_]."Creat`eType"()}
|
||||
0..5|% {nv "A$_" ([Activator]::CreateInstance($T[$_])) -fo}; function F ($1,$2) {$T[0]."G`etMethod"($1).invoke(0,$2)}
|
||||
$TI=(whoami /groups)-like'*1-16-16384*'; $As=0; if(!$cmd) {$cmd='control';$arg='admintools'}; if ($cmd-eq'This PC'){$cmd='file:'}
|
||||
if (!$TI) {'TrustedInstaller','lsass','winlogon'|% {if (!$As) {$9=sc.exe start $_; $As=@(get-process -name $_ -ea 0|% {$_})[0]}}
|
||||
function M ($1,$2,$3) {$M."G`etMethod"($1,[type[]]$2).invoke(0,$3)}; $H=@(); $Z,(4*$Z+16)|% {$H += M "AllocHG`lobal" $I $_}
|
||||
M "WriteInt`Ptr" ($P,$P) ($H[0],$As.Handle); $A1.f1=131072; $A1.f2=$Z; $A1.f3=$H[0]; $A2.f1=1; $A2.f2=1; $A2.f3=1; $A2.f4=1
|
||||
$A2.f6=$A1; $A3.f1=10*$Z+32; $A4.f1=$A3; $A4.f2=$H[1]; M "StructureTo`Ptr" ($D[2],$P,[boolean]) (($A2 -as $D[2]),$A4.f2,$false)
|
||||
$Run=@($null, "powershell -win 1 -nop -c iex `$env:R; # $id", 0, 0, 0, 0x0E080600, 0, $null, ($A4 -as $T[4]), ($A5 -as $T[5]))
|
||||
F 'CreateProcess' $Run; return}; $env:R=''; rp $key $id -force; $priv=[diagnostics.process]."GetM`ember"('SetPrivilege',42)[0]
|
||||
'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege' |% {$priv.Invoke($null, @("$_",2))}
|
||||
$HKU=[uintptr][uint32]2147483651; $NT='S-1-5-18'; $reg=($HKU,$NT,8,2,($HKU -as $D[9])); F 'RegOpenKeyEx' $reg; $LNK=$reg[4]
|
||||
function L ($1,$2,$3) {sp 'HKLM:\Software\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}' 'RunAs' $3 -force -ea 0
|
||||
$b=[Text.Encoding]::Unicode.GetBytes("\Registry\User\$1"); F 'RegSetValueEx' @($2,'SymbolicLinkValue',0,6,[byte[]]$b,$b.Length)}
|
||||
function Q {[int](gwmi win32_process -filter 'name="explorer.exe"'|?{$_.getownersid().sid-eq$NT}|select -last 1).ProcessId}
|
||||
$11bug=($((gwmi Win32_OperatingSystem).BuildNumber)-eq'22000')-AND(($cmd-eq'file:')-OR(test-path -lit $cmd -PathType Container))
|
||||
if ($11bug) {'System.Windows.Forms','Microsoft.VisualBasic' |% {[Reflection.Assembly]::LoadWithPartialName("'$_")}}
|
||||
if ($11bug) {$path='^(l)'+$($cmd -replace '([\+\^\%\~\(\)\[\]])','{$1}')+'{ENTER}'; $cmd='control.exe'; $arg='admintools'}
|
||||
L ($key-split'\\')[1] $LNK ''; $R=[diagnostics.process]::start($cmd,$arg); if ($R) {$R.PriorityClass='High'; $R.WaitForExit()}
|
||||
if ($11bug) {$w=0; do {if($w-gt40){break}; sleep -mi 250;$w++} until (Q); [Microsoft.VisualBasic.Interaction]::AppActivate($(Q))}
|
||||
if ($11bug) {[Windows.Forms.SendKeys]::SendWait($path)}; do {sleep 7} while(Q); L '.Default' $LNK 'Interactive User'
|
||||
'@; $V='';'cmd','arg','id','key'|%{$V+="`n`$$_='$($(gv $_ -val)-replace"'","''")';"}; sp $key $id $($V,$code) -type 7 -force -ea 0
|
||||
start powershell -args "-win 1 -nop -c `n$V `$env:R=(gi `$key -ea 0).getvalue(`$id)-join''; iex `$env:R" -verb runas
|
||||
}; $A=$env:1-split'"([^"]+)"|([^ ]+)',2|%{$_.Trim(' "')}; RunAsTI $A[1] $A[2]; #:RunAsTI lean & mean snippet by AveYo, 2022.01.28
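Review bot: The relaunch line `call :RunAsTI cmd "/k cd "%cd%" & call ti-shell.bat -ti-run %* -ti-dummy"` uses `cd` without `/d` and then locates `ti-shell.bat` by bare name, so when the script sits on another drive the elevated cmd may stay in its start directory and resolve the name through the current directory and PATH instead. Use `cd /d "%cd%"` and call the script by its full path, `call "%~f0" -ti-run %* -ti-dummy`. In the elevated branch, `set "path=%cd%\path;%path%"` puts a script-relative folder ahead of the system directories and `pyexe=py` is resolved by search order, all with TrustedInstaller rights; a `REM` stating that the install folder must be writable by administrators only, or a full path for `pyexe`, would document that trust assumption. `%cmd%` is built by deleting every `-ti-run` substring from `%*`, so an argument that itself contains that text is changed too, which deserves a comment. The embedded RunAsTI block is attributed to AveYo in its own header and is not reviewed line by line here.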
|