From 50e1192c743eed171387af62cca0a21c2a873e0f Mon Sep 17 00:00:00 2001 From: Dmitry Nefedov Date: Mon, 23 Sep 2024 00:53:54 +0300 Subject: [PATCH] `TaskbarWidgets` & `NewsInterests` re-written to bypass UCPD driver restrictions --- .../Module/Sophia.psm1 | 90 ++++++++++++++++--- .../Module/Sophia.psm1 | 90 ++++++++++++++++--- .../Module/Sophia.psm1 | 33 +++---- .../Module/Sophia.psm1 | 33 +++---- 4 files changed, 182 insertions(+), 64 deletions(-) diff --git a/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 index 812e9c8e..030ddcee 100644 --- a/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 @@ -3608,6 +3608,9 @@ function TaskViewButton .EXAMPLE NewsInterests -Enable + .NOTES + https://forums.mydigitallife.net/threads/taskbarda-widgets-registry-change-is-now-blocked.88547/#post-1848877 + .NOTES Current user #> 
@@ -3630,27 +3633,90 @@ function NewsInterests $Enable ) + # Remove all policies in order to make changes visible in UI only if it's possible + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" -Name EnableFeeds -Force -ErrorAction Ignore + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests\AllowNewsAndInterests" -Name value -Force -ErrorAction Ignore + + # Due to "Set-StrictMode -Version Latest" we have to use GetValue() + $MachineId = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient", "MachineId", $null) + if (-not $MachineId) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + + if (-not (Get-Package -Name "Microsoft Edge Update" -ProviderName Programs -ErrorAction Ignore)) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + + # https://forums.mydigitallife.net/threads/taskbarda-widgets-registry-change-is-now-blocked.88547/#post-1849006 + $Signature = @{ + Namespace = "WinAPI" + Name = "Signature" + Language = "CSharp" + CompilerParameters = $CompilerParameters + MemberDefinition = @" +[DllImport("Shlwapi.dll", CharSet = CharSet.Unicode, ExactSpelling = true, SetLastError = false)] +public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int outputLen); +"@ + } + if (-not ("WinAPI.GetStrings" -as [type])) + { + Add-Type @Signature + } + + # We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry + Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force + switch ($PSCmdlet.ParameterSetName) { "Disable" { - if (-not (Test-Path -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds")) - { - New-Item -Path 
"HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" -Force - } - New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" -Name EnableFeeds -PropertyType DWord -Value 0 -Force - - if (-not (Test-Path -Path HKLM:\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests\AllowNewsAndInterests)) - { - New-Item -Path HKLM:\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests\AllowNewsAndInterests -Force - } - New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests\AllowNewsAndInterests -Name value -PropertyType DWord -Value 0 -Force + # Combine variables into a string + $Combined = $MachineId + '_' + 2 + # Reverse the whole string + $CharArray = $Combined.ToCharArray() + [array]::Reverse($CharArray) + $Reverse = -join $CharArray + $bytesIn = [System.Text.Encoding]::Unicode.GetBytes($Reverse) + $bytesOut = [byte[]]::new(4) + [WinAPI.Signature]::HashData($bytesIn, 0x53, $bytesOut, $bytesOut.Count) + # Get value to save in EnShellFeedsTaskbarViewMode key + $DWordData = [System.BitConverter]::ToUInt32($bytesOut,0) + + # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token + # We cannot put --% inside the command below as it breaks parsing of $DWordData variable + $EscapeParser = "--%" + & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f } "Enable" { - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" -Name EnableFeeds -Force -ErrorAction Ignore + # Combine variables into a string + $Combined = $MachineId + '_' + 0 + # Reverse the whole string + $CharArray = $Combined.ToCharArray() + [array]::Reverse($CharArray) + $Reverse = -join $CharArray + $bytesIn = [System.Text.Encoding]::Unicode.GetBytes($Reverse) + $bytesOut = [byte[]]::new(4) + 
[WinAPI.Signature]::HashData($bytesIn, 0x53, $bytesOut, $bytesOut.Count) + # Get value to save in EnShellFeedsTaskbarViewMode key + $DWordData = [System.BitConverter]::ToUInt32($bytesOut,0) + + # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token + # We cannot put --% inside the command below as it breaks parsing of $DWordData variable + $EscapeParser = "--%" + & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f } } + + Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force } <# diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 index b71bfba1..ed134f4d 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 @@ -3612,6 +3612,9 @@ function TaskViewButton .EXAMPLE NewsInterests -Enable + .NOTES + https://forums.mydigitallife.net/threads/taskbarda-widgets-registry-change-is-now-blocked.88547/#post-1848877 + .NOTES Current user #> 
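Review bot: The guard before `Add-Type` tests `"WinAPI.GetStrings" -as [type]`, but the type this block defines is `WinAPI.Signature`, so if a `WinAPI.GetStrings` type is already loaded in the session (not visible in this hunk) the P/Invoke wrapper is never compiled and `[WinAPI.Signature]::HashData` fails. The check should read `if (-not ("WinAPI.Signature" -as [type]))`. Both branches also pass a fixed `0x53` as `cbData` rather than a length tied to `$bytesIn`, so the native function reads 83 bytes whatever the array actually holds. If that constant is required for the value to be accepted, verify `$bytesIn.Length` is at least that large before the call, and assign the returned HRESULT to a variable so it can be checked and does not end up in the function's output. The same code appears in the `Sophia_Script_for_Windows_10_PowerShell_7` module's `NewsInterests` hunk.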
@@ -3634,27 +3637,90 @@ function NewsInterests $Enable ) + # Remove all policies in order to make changes visible in UI only if it's possible + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" -Name EnableFeeds -Force -ErrorAction Ignore + Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests\AllowNewsAndInterests" -Name value -Force -ErrorAction Ignore + + # Due to "Set-StrictMode -Version Latest" we have to use GetValue() + $MachineId = [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient", "MachineId", $null) + if (-not $MachineId) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + + if (-not (Get-Package -Name "Microsoft Edge Update" -ProviderName Programs -ErrorAction Ignore)) + { + Write-Information -MessageData "" -InformationAction Continue + Write-Verbose -Message $Localization.Skipped -Verbose + + return + } + + # https://forums.mydigitallife.net/threads/taskbarda-widgets-registry-change-is-now-blocked.88547/#post-1849006 + $Signature = @{ + Namespace = "WinAPI" + Name = "Signature" + Language = "CSharp" + CompilerParameters = $CompilerOptions + MemberDefinition = @" +[DllImport("Shlwapi.dll", CharSet = CharSet.Unicode, ExactSpelling = true, SetLastError = false)] +public static extern int HashData(byte[] pbData, int cbData, byte[] piet, int outputLen); +"@ + } + if (-not ("WinAPI.GetStrings" -as [type])) + { + Add-Type @Signature + } + + # We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry + Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force + switch ($PSCmdlet.ParameterSetName) { "Disable" { - if (-not (Test-Path -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds")) - { - New-Item -Path 
"HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" -Force - } - New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" -Name EnableFeeds -PropertyType DWord -Value 0 -Force - - if (-not (Test-Path -Path HKLM:\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests\AllowNewsAndInterests)) - { - New-Item -Path HKLM:\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests\AllowNewsAndInterests -Force - } - New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\PolicyManager\default\NewsAndInterests\AllowNewsAndInterests -Name value -PropertyType DWord -Value 0 -Force + # Combine variables into a string + $Combined = $MachineId + '_' + 2 + # Reverse the whole string + $CharArray = $Combined.ToCharArray() + [array]::Reverse($CharArray) + $Reverse = -join $CharArray + $bytesIn = [System.Text.Encoding]::Unicode.GetBytes($Reverse) + $bytesOut = [byte[]]::new(4) + [WinAPI.Signature]::HashData($bytesIn, 0x53, $bytesOut, $bytesOut.Count) + # Get value to save in EnShellFeedsTaskbarViewMode key + $DWordData = [System.BitConverter]::ToUInt32($bytesOut,0) + + # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token + # We cannot put --% inside the command below as it breaks parsing of $DWordData variable + $EscapeParser = "--%" + & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f } "Enable" { - Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Feeds" -Name EnableFeeds -Force -ErrorAction Ignore + # Combine variables into a string + $Combined = $MachineId + '_' + 0 + # Reverse the whole string + $CharArray = $Combined.ToCharArray() + [array]::Reverse($CharArray) + $Reverse = -join $CharArray + $bytesIn = [System.Text.Encoding]::Unicode.GetBytes($Reverse) + $bytesOut = [byte[]]::new(4) + 
[WinAPI.Signature]::HashData($bytesIn, 0x53, $bytesOut, $bytesOut.Count) + # Get value to save in EnShellFeedsTaskbarViewMode key + $DWordData = [System.BitConverter]::ToUInt32($bytesOut,0) + + # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token + # We cannot put --% inside the command below as it breaks parsing of $DWordData variable + $EscapeParser = "--%" + & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds /v EnShellFeedsTaskbarViewMode /t REG_DWORD /d $DWordData /f } } + + Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force } <# diff --git a/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 index 033b5381..498f9fbc 100644 --- a/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 
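Review bot: The two `Remove-ItemProperty` calls on the HKLM policy values run before the `MachineId` and `Get-Package` checks, so when either check fails, `NewsInterests -Disable` deletes a policy that may have been keeping the feed off and then returns with only the `Skipped` message. Moving the policy removal below both early returns keeps the skip path free of side effects. The `Disable` and `Enable` branches also differ only in the suffix appended to `$MachineId` (`2` or `0`), so the reverse/hash/`reg_temp.exe` sequence could be written once after the `switch` has picked the suffix. Both points apply equally to the `Sophia_Script_for_Windows_10` module's `NewsInterests` hunk earlier in this patch.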
@@ -3191,41 +3191,34 @@ function TaskbarWidgets $Show ) + # We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry + Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force + switch ($PSCmdlet.ParameterSetName) { "Hide" { if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience) { - # Microsoft blocked access for editing TaskbarDa key in KB5041585 - try - { - New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 0 -Force -ErrorAction Stop - } - catch [System.UnauthorizedAccessException] - { - Write-Warning -Message ($Global:Error.Exception.Message | Select-Object -First 1) - Write-Error -Message ($Global:Error.Exception.Message | Select-Object -First 1) -ErrorAction SilentlyContinue - } + # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token + # We cannot put --% inside the command below as it breaks parsing of $DWordData variable + $EscapeParser = "--%" + & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 0 /f } } "Show" { if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience) { - # Microsoft blocked access for editing TaskbarDa key in KB5041585 - try - { - New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 1 -Force -ErrorAction Stop - } - catch [System.UnauthorizedAccessException] - { - Write-Warning -Message ($Global:Error.Exception.Message | Select-Object -First 1) - Write-Error -Message ($Global:Error.Exception.Message | Select-Object -First 1) -ErrorAction SilentlyContinue - } + # 
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token + # We cannot put --% inside the command below as it breaks parsing of $DWordData variable + $EscapeParser = "--%" + & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 1 /f } } } + + Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force } <# diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 index 429c8d05..5a8fd2c2 100644 --- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 
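Review bot: Nothing guarantees that `reg_temp.exe` is removed from `system32` or that a failed write is reported. The copy, the `&` call and `Remove-Item` are plain sequential statements, and the removed `try`/`catch` that surfaced a blocked write has no `$LASTEXITCODE` check in its place. Wrapping the work in `try`/`finally`, making `Copy-Item` terminating and warning on a non-zero exit code restores both properties, and doing the `Get-AppxPackage` check first avoids writing the copy when there is nothing to change. A leftover renamed copy of a system utility is also the kind of artefact endpoint monitoring tends to flag, so reliable cleanup matters here. The same applies to the PowerShell 7 module's `TaskbarWidgets` hunk and to both `NewsInterests` hunks; the function's `param` block starts above this hunk.

```powershell
# … unchanged: param block …
if (-not (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience))
{
	return
}

# "Hide" -> 0, "Show" -> 1
$Value = [int]($PSCmdlet.ParameterSetName -eq "Show")
$RegCopy = "$env:SystemRoot\system32\reg_temp.exe"

try
{
	Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination $RegCopy -Force -ErrorAction Stop

	$EscapeParser = "--%"
	& $RegCopy $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d $Value /f
	if ($LASTEXITCODE -ne 0)
	{
		Write-Warning -Message "reg_temp.exe exited with code $LASTEXITCODE"
	}
}
finally
{
	# Runs even when the copy or the call above throws
	Remove-Item -Path $RegCopy -Force -ErrorAction Ignore
}
```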
@@ -3195,41 +3195,34 @@ function TaskbarWidgets $Show ) + # We cannot call any of APIs except copying reg.exe with a different name due to a UCPD driver tracks all executables to blocke the access to the registry + Copy-Item -Path "$env:SystemRoot\system32\reg.exe" -Destination "$env:SystemRoot\system32\reg_temp.exe" -Force + switch ($PSCmdlet.ParameterSetName) { "Hide" { if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience) { - # Microsoft blocked access for editing TaskbarDa key in KB5041585 - try - { - New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 0 -Force -ErrorAction Stop - } - catch [System.UnauthorizedAccessException] - { - Write-Warning -Message ($Global:Error.Exception.Message | Select-Object -First 1) - Write-Error -Message ($Global:Error.Exception.Message | Select-Object -First 1) -ErrorAction SilentlyContinue - } + # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token + # We cannot put --% inside the command below as it breaks parsing of $DWordData variable + $EscapeParser = "--%" + & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 0 /f } } "Show" { if (Get-AppxPackage -Name MicrosoftWindows.Client.WebExperience) { - # Microsoft blocked access for editing TaskbarDa key in KB5041585 - try - { - New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -PropertyType DWord -Value 1 -Force -ErrorAction Stop - } - catch [System.UnauthorizedAccessException] - { - Write-Warning -Message ($Global:Error.Exception.Message | Select-Object -First 1) - Write-Error -Message ($Global:Error.Exception.Message | Select-Object -First 1) -ErrorAction SilentlyContinue - } + # 
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_parsing?view=powershell-7.4#the-stop-parsing-token + # We cannot put --% inside the command below as it breaks parsing of $DWordData variable + $EscapeParser = "--%" + & "$env:SystemRoot\system32\reg_temp.exe" $EscapeParser ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 1 /f } } } + + Remove-Item -Path "$env:SystemRoot\system32\reg_temp.exe" -Force } <#
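Review bot: The comment above `$EscapeParser` in both branches says `--%` cannot be written inline because it would break parsing of `$DWordData`, but this function never defines `$DWordData`; the value passed to `/d` is a literal `0` or `1`. Either reword it, for example `# --% is passed through a variable to mirror NewsInterests; the arguments here are literals`, or drop the variable and write the token inline, since there is no variable left to expand. The same copied comment is in the `Sophia_Script_for_Windows_11` module's `TaskbarWidgets` hunk.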