
Fixed PowerShell 7 compiler options typos

master
Dmitry Nefedov 7 months ago
parent
commit
f1387de660
  1. 1
      src/Sophia_Script_for_Windows_10/Module/Sophia.psm1
  2. 35
      src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1
  3. 41
      src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1

1
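--- a/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1
+++ b/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1
@@ -13982,6 +13982,7 @@ function EventViewerCustomView
 }
 "Disable"
 {
+# Unlike in Windows 11 default value for Windows 10 is "disable"
 auditpol /set /subcategory:"{0CCE922B-69AE-11D9-BED3-505054503030}" /success:disable /failure:disable
 Remove-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -Name ProcessCreationIncludeCmdLine_Enabled -Force -ErrorAction Ignore
 Set-Policy -Scope Computer -Path SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -Name ProcessCreationIncludeCmdLine_Enabled -Type CLEAR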

35
src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1

@ -58,20 +58,23 @@ function InitialActions
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Import PowerShell 5.1 modules
Import-Module -Name Microsoft.PowerShell.Management, PackageManagement, Appx -UseWindowsPowerShell
# Extract strings from %SystemRoot%\System32\shell32.dll using its number # Extract strings from %SystemRoot%\System32\shell32.dll using its number
# https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1 # https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100") # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100")
# https://github.com/PowerShell/PowerShell/issues/21070 # https://github.com/PowerShell/PowerShell/issues/21070
$Script:CompilerParameters = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll") $Script:CompilerOptions = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll")
$Script:CompilerParameters.TempFiles = [System.CodeDom.Compiler.TempFileCollection]::new($env:TEMP, $false) $Script:CompilerOptions.TempFiles = [System.CodeDom.Compiler.TempFileCollection]::new($env:TEMP, $false)
$Script:CompilerParameters.GenerateInMemory = $true $Script:CompilerOptions.GenerateInMemory = $true
$Signature = @{ $Signature = @{
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "GetStrings" Name = "GetStrings"
Language = "CSharp" Language = "CSharp"
UsingNamespace = "System.Text" UsingNamespace = "System.Text"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("kernel32.dll", CharSet = CharSet.Auto)] [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern IntPtr GetModuleHandle(string lpModuleName); public static extern IntPtr GetModuleHandle(string lpModuleName);
@ -126,7 +129,7 @@ public static string GetIndirectString(string indirectString)
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "ForegroundWindow" Name = "ForegroundWindow"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("user32.dll")] [DllImport("user32.dll")]
public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow); public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);
@ -829,9 +832,6 @@ public static extern bool SetForegroundWindow(IntPtr hWnd);
# Save all opened folders in order to restore them after File Explorer restart # Save all opened folders in order to restore them after File Explorer restart
$Script:OpenedFolders = {(New-Object -ComObject Shell.Application).Windows() | ForEach-Object -Process {$_.Document.Folder.Self.Path}}.Invoke() $Script:OpenedFolders = {(New-Object -ComObject Shell.Application).Windows() | ForEach-Object -Process {$_.Document.Folder.Self.Path}}.Invoke()
# Import PowerShell 5.1 modules
Import-Module -Name Microsoft.PowerShell.Management, PackageManagement, Appx -UseWindowsPowerShell
<# <#
.SYNOPSIS .SYNOPSIS
The "Show menu" function with the up/down arrow keys and enter key to make a selection The "Show menu" function with the up/down arrow keys and enter key to make a selection
@ -4904,7 +4904,7 @@ function Cursors
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "Cursor" Name = "Cursor"
Language = "CSharp" Language = "CSharp"
CompilerParameters = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("user32.dll", EntryPoint = "SystemParametersInfo")] [DllImport("user32.dll", EntryPoint = "SystemParametersInfo")]
public static extern bool SystemParametersInfo(uint uiAction, uint uiParam, uint pvParam, uint fWinIni); public static extern bool SystemParametersInfo(uint uiAction, uint uiParam, uint pvParam, uint fWinIni);
@ -5142,7 +5142,7 @@ function OneDrive
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "DeleteFiles" Name = "DeleteFiles"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
public enum MoveFileFlags public enum MoveFileFlags
{ {
@ -5655,7 +5655,7 @@ function TempFolder
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "DeleteFiles" Name = "DeleteFiles"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
public enum MoveFileFlags public enum MoveFileFlags
{ {
@ -5779,7 +5779,7 @@ Unregister-ScheduledTask -TaskName SymbolicLink -Confirm:`$false
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "DeleteFiles" Name = "DeleteFiles"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
public enum MoveFileFlags public enum MoveFileFlags
{ {
@ -7340,7 +7340,7 @@ function Set-UserShellFolderLocation
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "KnownFolders" Name = "KnownFolders"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("shell32.dll")] [DllImport("shell32.dll")]
public extern static int SHSetKnownFolderPath(ref Guid folderId, uint flags, IntPtr token, [MarshalAs(UnmanagedType.LPWStr)] string path); public extern static int SHSetKnownFolderPath(ref Guid folderId, uint flags, IntPtr token, [MarshalAs(UnmanagedType.LPWStr)] string path);
@ -9220,7 +9220,7 @@ function Set-Association
Name = "Action" Name = "Action"
Language = "CSharp" Language = "CSharp"
UsingNamespace = "System.Text", "System.Security.AccessControl", "Microsoft.Win32" UsingNamespace = "System.Text", "System.Security.AccessControl", "Microsoft.Win32"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("advapi32.dll", CharSet = CharSet.Auto)] [DllImport("advapi32.dll", CharSet = CharSet.Auto)]
private static extern int RegOpenKeyEx(UIntPtr hKey, string subKey, int ulOptions, int samDesired, out UIntPtr hkResult); private static extern int RegOpenKeyEx(UIntPtr hKey, string subKey, int ulOptions, int samDesired, out UIntPtr hkResult);
@ -9690,7 +9690,7 @@ public static int UnloadHive(RegistryHives hive, string subKey)
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "PatentHash" Name = "PatentHash"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
public static uint[] WordSwap(byte[] a, int sz, byte[] md5) public static uint[] WordSwap(byte[] a, int sz, byte[] md5)
{ {
@ -9936,7 +9936,7 @@ public static long MakeLong(uint left, uint right)
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "Signature" Name = "Signature"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("shell32.dll", CharSet = CharSet.Auto, SetLastError = false)] [DllImport("shell32.dll", CharSet = CharSet.Auto, SetLastError = false)]
private static extern int SHChangeNotify(int eventId, int flags, IntPtr item1, IntPtr item2); private static extern int SHChangeNotify(int eventId, int flags, IntPtr item1, IntPtr item2);
@ -14008,6 +14008,7 @@ function EventViewerCustomView
} }
"Disable" "Disable"
{ {
# Unlike in Windows 11 default value for Windows 10 is "disable"
auditpol /set /subcategory:"{0CCE922B-69AE-11D9-BED3-505054503030}" /success:disable /failure:disable auditpol /set /subcategory:"{0CCE922B-69AE-11D9-BED3-505054503030}" /success:disable /failure:disable
Remove-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -Name ProcessCreationIncludeCmdLine_Enabled -Force -ErrorAction Ignore Remove-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -Name ProcessCreationIncludeCmdLine_Enabled -Force -ErrorAction Ignore
Set-Policy -Scope Computer -Path SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -Name ProcessCreationIncludeCmdLine_Enabled -Type CLEAR Set-Policy -Scope Computer -Path SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -Name ProcessCreationIncludeCmdLine_Enabled -Type CLEAR
@ -15368,7 +15369,7 @@ function PostActions
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "UpdateEnvironment" Name = "UpdateEnvironment"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
private static readonly IntPtr HWND_BROADCAST = new IntPtr(0xffff); private static readonly IntPtr HWND_BROADCAST = new IntPtr(0xffff);
private const int WM_SETTINGCHANGE = 0x1a; private const int WM_SETTINGCHANGE = 0x1a;
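Review bot: The renamed `$Script:CompilerOptions` still holds a `[System.CodeDom.Compiler.CompilerParameters]` object, and every `$Signature` table in this file now passes it under the `CompilerOptions` key. As far as I know, `Add-Type` in PowerShell 7 declares `-CompilerOptions` as a string of compiler switches, so if these tables are splatted to `Add-Type` (the call is outside the hunks) the object would be converted to text and the `TempFiles` and `GenerateInMemory` settings might never reach the compiler. Please confirm on PowerShell 7 that the compile leaves no artifacts in `$env:TEMP`, and add a comment above the assignment such as `# CompilerParameters object bound to Add-Type -CompilerOptions; verified on PowerShell 7`. The same applies to the matching hunks of the Windows 11 PowerShell 7 module in this commit.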

41
src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1

@ -57,20 +57,23 @@ function InitialActions
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Import PowerShell 5.1 modules
Import-Module -Name Microsoft.PowerShell.Management, PackageManagement, Appx -UseWindowsPowerShell
# Extract strings from %SystemRoot%\System32\shell32.dll using its number # Extract strings from %SystemRoot%\System32\shell32.dll using its number
# https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1 # https://github.com/SamuelArnold/StarKill3r/blob/master/Star%20Killer/Star%20Killer/bin/Debug/Scripts/SANS-SEC505-master/scripts/Day1-PowerShell/Expand-IndirectString.ps1
# [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100") # [WinAPI.GetStrings]::GetIndirectString("@%SystemRoot%\system32\schedsvc.dll,-100")
# https://github.com/PowerShell/PowerShell/issues/21070 # https://github.com/PowerShell/PowerShell/issues/21070
$Script:CompilerParameters = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll") $Script:CompilerOptions = [System.CodeDom.Compiler.CompilerParameters]::new("System.dll")
$Script:CompilerParameters.TempFiles = [System.CodeDom.Compiler.TempFileCollection]::new($env:TEMP, $false) $Script:CompilerOptions.TempFiles = [System.CodeDom.Compiler.TempFileCollection]::new($env:TEMP, $false)
$Script:CompilerParameters.GenerateInMemory = $true $Script:CompilerOptions.GenerateInMemory = $true
$Signature = @{ $Signature = @{
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "GetStrings" Name = "GetStrings"
Language = "CSharp" Language = "CSharp"
UsingNamespace = "System.Text" UsingNamespace = "System.Text"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("kernel32.dll", CharSet = CharSet.Auto)] [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern IntPtr GetModuleHandle(string lpModuleName); public static extern IntPtr GetModuleHandle(string lpModuleName);
@ -125,7 +128,7 @@ public static string GetIndirectString(string indirectString)
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "ForegroundWindow" Name = "ForegroundWindow"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("user32.dll")] [DllImport("user32.dll")]
public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow); public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);
@ -914,11 +917,21 @@ public static extern bool SetForegroundWindow(IntPtr hWnd);
# Extract the localized "Skip" string from shell32.dll # Extract the localized "Skip" string from shell32.dll
$Script:Skip = [WinAPI.GetStrings]::GetString(16956) $Script:Skip = [WinAPI.GetStrings]::GetString(16956)
Write-Information -MessageData "┏┓ ┓ • ┏┓ • ┏ ┓ ┏• ┓ " -InformationAction Continue
Write-Information -MessageData "┗┓┏┓┏┓┣┓┓┏┓ ┗┓┏┏┓┓┏┓╋ ╋┏┓┏┓ ┃┃┃┓┏┓┏┫┏┓┓┏┏┏" -InformationAction Continue
Write-Information -MessageData "┗┛┗┛┣┛┛┗┗┗┻ ┗┛┗┛ ┗┣┛┗ ┛┗┛┛ ┗┻┛┗┛┗┗┻┗┛┗┻┛┛" -InformationAction Continue
Write-Information -MessageData " ┛ ┛ " -InformationAction Continue
Write-Information -MessageData "https://t.me/sophianews" -InformationAction Continue
Write-Information -MessageData "https://t.me/sophia_chat" -InformationAction Continue
Write-Information -MessageData "https://discord.gg/sSryhaEv79" -InformationAction Continue
# Display a warning message about whether a user has customized the preset file # Display a warning message about whether a user has customized the preset file
if ($Warning) if ($Warning)
{ {
# Get the name of a preset (e.g Sophia.ps1) regardless it was named # Get the name of a preset (e.g Sophia.ps1) regardless it was named
# $_.File has no EndsWith() method # $_.File has no EndsWith() method
Write-Information -MessageData "" -InformationAction Continue
$PresetName = Split-Path -Path (((Get-PSCallStack).Position | Where-Object -FilterScript {$_.File}).File | Where-Object -FilterScript {$_.EndsWith(".ps1")}) -Leaf $PresetName = Split-Path -Path (((Get-PSCallStack).Position | Where-Object -FilterScript {$_.File}).File | Where-Object -FilterScript {$_.EndsWith(".ps1")}) -Leaf
Write-Verbose -Message ($Localization.CustomizationWarning -f $PresetName) -Verbose Write-Verbose -Message ($Localization.CustomizationWarning -f $PresetName) -Verbose
@ -4481,7 +4494,7 @@ function Cursors
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "Cursor" Name = "Cursor"
Language = "CSharp" Language = "CSharp"
CompilerParameters = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("user32.dll", EntryPoint = "SystemParametersInfo")] [DllImport("user32.dll", EntryPoint = "SystemParametersInfo")]
public static extern bool SystemParametersInfo(uint uiAction, uint uiParam, uint pvParam, uint fWinIni); public static extern bool SystemParametersInfo(uint uiAction, uint uiParam, uint pvParam, uint fWinIni);
@ -4719,7 +4732,7 @@ function OneDrive
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "DeleteFiles" Name = "DeleteFiles"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
public enum MoveFileFlags public enum MoveFileFlags
{ {
@ -5232,7 +5245,7 @@ function TempFolder
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "DeleteFiles" Name = "DeleteFiles"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
public enum MoveFileFlags public enum MoveFileFlags
{ {
@ -5356,7 +5369,7 @@ Unregister-ScheduledTask -TaskName SymbolicLink -Confirm:`$false
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "DeleteFiles" Name = "DeleteFiles"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
public enum MoveFileFlags public enum MoveFileFlags
{ {
@ -7118,7 +7131,7 @@ function Set-UserShellFolderLocation
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "KnownFolders" Name = "KnownFolders"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("shell32.dll")] [DllImport("shell32.dll")]
public extern static int SHSetKnownFolderPath(ref Guid folderId, uint flags, IntPtr token, [MarshalAs(UnmanagedType.LPWStr)] string path); public extern static int SHSetKnownFolderPath(ref Guid folderId, uint flags, IntPtr token, [MarshalAs(UnmanagedType.LPWStr)] string path);
@ -8794,7 +8807,7 @@ function Set-Association
Name = "Action" Name = "Action"
Language = "CSharp" Language = "CSharp"
UsingNamespace = "System.Text", "System.Security.AccessControl", "Microsoft.Win32" UsingNamespace = "System.Text", "System.Security.AccessControl", "Microsoft.Win32"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("advapi32.dll", CharSet = CharSet.Auto)] [DllImport("advapi32.dll", CharSet = CharSet.Auto)]
private static extern int RegOpenKeyEx(UIntPtr hKey, string subKey, int ulOptions, int samDesired, out UIntPtr hkResult); private static extern int RegOpenKeyEx(UIntPtr hKey, string subKey, int ulOptions, int samDesired, out UIntPtr hkResult);
@ -9264,7 +9277,7 @@ public static int UnloadHive(RegistryHives hive, string subKey)
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "PatentHash" Name = "PatentHash"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
public static uint[] WordSwap(byte[] a, int sz, byte[] md5) public static uint[] WordSwap(byte[] a, int sz, byte[] md5)
{ {
@ -9510,7 +9523,7 @@ public static long MakeLong(uint left, uint right)
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "Signature" Name = "Signature"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
[DllImport("shell32.dll", CharSet = CharSet.Auto, SetLastError = false)] [DllImport("shell32.dll", CharSet = CharSet.Auto, SetLastError = false)]
private static extern int SHChangeNotify(int eventId, int flags, IntPtr item1, IntPtr item2); private static extern int SHChangeNotify(int eventId, int flags, IntPtr item1, IntPtr item2);
@ -14536,7 +14549,7 @@ function PostActions
Namespace = "WinAPI" Namespace = "WinAPI"
Name = "UpdateEnvironment" Name = "UpdateEnvironment"
Language = "CSharp" Language = "CSharp"
CompilerOptions = $CompilerParameters CompilerOptions = $CompilerOptions
MemberDefinition = @" MemberDefinition = @"
private static readonly IntPtr HWND_BROADCAST = new IntPtr(0xffff); private static readonly IntPtr HWND_BROADCAST = new IntPtr(0xffff);
private const int WM_SETTINGCHANGE = 0x1a; private const int WM_SETTINGCHANGE = 0x1a;
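Review bot: In the `if ($Warning)` block the new `Write-Information -MessageData "" -InformationAction Continue` sits between the two comment lines about the preset name and the `$PresetName = Split-Path ...` statement they describe, so the comments now appear to document the blank-line output. Move the call directly after the opening `{` and give it its own comment, for example `# Blank line between the banner and the warning`. The banner lines added just above also force `-InformationAction Continue`, which overrides the caller's `$InformationPreference`; if that is intended, a one-line comment saying so would help. The enclosing block starts and ends outside the hunk.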
