Fix WinUtil admin elevation for stable and pre-release builds

2025-04-04 18:22:09 +00:00 · 2024-10-09 23:43:16 -07:00 · 2024-10-09 23:43:16 -07:00 · 09b54a6eee
commit 09b54a6eee
parent e4565f1f6f
2 changed files with 208 additions and 64 deletions
--- a/scripts/start.ps1
+++ b/scripts/start.ps1
@ -1,11 +1,12 @@
 <#
 .NOTES
-    Author         : Chris Titus @christitustech
+    Author          : Chris Titus @christitustech
-    Runspace Author: @DeveloperDurp
+    Runspace Author : @DeveloperDurp
-    GitHub         : https://github.com/ChrisTitusTech
+    GitHub          : https://github.com/ChrisTitusTech
-    Version        : #{replaceme}
+    Version         : #{replaceme}
 #>
 # Define the arguments for the WinUtil script
 param (
    [switch]$Debug,
    [string]$Config,
@ -17,12 +18,13 @@ if ($Debug) {
    $DebugPreference = "Continue"
 }
 # Handle the -Config parameter
 if ($Config) {
    $PARAM_CONFIG = $Config
 }
 $PARAM_RUN = $false
 # Handle the -Run switch
 $PARAM_RUN = $false
 if ($Run) {
    Write-Host "Running config file tasks..."
    $PARAM_RUN = $true
@ -39,38 +41,66 @@ $sync.version = "#{replaceme}"
 $sync.configs = @{}
 $sync.ProcessRunning = $false
-if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
+# Store elevation status of the process
-    Write-Output "Winutil needs to be run as Administrator. Attempting to relaunch."
+$isElevated = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $argList = @()
-    $PSBoundParameters.GetEnumerator() | ForEach-Object {
+# Initialize the arguments list array
-        $argList += if ($_.Value -is [switch] -and $_.Value) {
+$argsList = @()
-            "-$($_.Key)"
+
-        } elseif ($_.Value) {
+# Add the passed parameters to $argsList
-            "-$($_.Key) `"$($_.Value)`""
+$PSBoundParameters.GetEnumerator() | ForEach-Object {
-        }
+    $argsList += if ($_.Value -is [switch] -and $_.Value) {
        "-$($_.Key)"
    } elseif ($_.Value) {
        "-$($_.Key) `"$($_.Value)`""
    }
 }
-    $script = if ($MyInvocation.MyCommand.Path) {
+# Set the download URL for the latest release
-        "& { & '$($MyInvocation.MyCommand.Path)' $argList }"
+$downloadURL = "https://github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1"
    } else {
        "iex '& { $(irm https://github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1) } $argList'"
    }
    $powershellcmd = if (Get-Command pwsh -ErrorAction SilentlyContinue) { "pwsh" } else { "powershell" }
    $processCmd = if (Get-Command wt.exe -ErrorAction SilentlyContinue) { "wt.exe" } else { $powershellcmd }
    Start-Process $processCmd -ArgumentList "$powershellcmd -ExecutionPolicy Bypass -NoProfile -Command $script" -Verb RunAs
 # Download the WinUtil script to '$env:TEMP'
 try {
    Write-Host "Downloading the latest stable WinUtil version..." -ForegroundColor Green
    Invoke-RestMethod $downloadURL -OutFile "$env:TEMP\winutil.ps1"
 } catch {
    Write-Host "Error downloading WinUtil: $_" -ForegroundColor Red
    break
 }
-$dateTime = Get-Date -Format "yyyy-MM-dd_HH-mm-ss"
+# Setup the commands used to launch the script
 $powershellCmd = if (Get-Command pwsh.exe -ErrorAction SilentlyContinue) { "pwsh.exe" } else { "powershell.exe" }
 $processCmd = if (Get-Command wt.exe -ErrorAction SilentlyContinue) { "wt.exe" } else { $powershellCmd }
 # Setup the script's launch arguments
 $launchArguments = "-ExecutionPolicy Bypass -NoProfile -File `"$env:TEMP\winutil.ps1`" $argsList"
 if ($processCmd -ne $powershellCmd) {
    $launchArguments = "$powershellCmd $launchArguments"
 }
 # Set the title of the running PowerShell instance
 $BaseWindowTitle = $MyInvocation.MyCommand.Path ?? $MyInvocation.MyCommand.Definition
 $Host.UI.RawUI.WindowTitle = if ($isElevated) {
    $BaseWindowTitle + " (Admin)"
 } else {
    $BaseWindowTitle + " (User)"
 }
 # Relaunch the script as administrator if necessary
 try {
    if (!$isElevated) {
        Write-Host "WinUtil is not running as administrator. Relaunching..." -ForegroundColor DarkCyan
        Start-Process $processCmd -ArgumentList $launchArguments -Verb RunAs
        break
    } else {
        Write-Host "Running the latest stable version of WinUtil as admin." -ForegroundColor DarkCyan
    }
 } catch {
    Write-Host "Error launching WinUtil: $_" -ForegroundColor Red
    break
 }
 # Start WinUtil transcript logging-mm-ss"
 $logdir = "$env:localappdata\winutil\logs"
 [System.IO.Directory]::CreateDirectory("$logdir") | Out-Null
-Start-Transcript -Path "$logdir\winutil_$dateTime.log" -Append -NoClobber | Out-Null
+Start-Transcript -Path "$logdir\winutil_$dateTime.log" -Append -NoClobber | Out-Null
 # Set PowerShell window title
 $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Admin)"
 clear-host
--- a/windev.ps1
+++ b/windev.ps1
@ -1,55 +1,169 @@
 <#
 .SYNOPSIS
-    This Script is used as a target for the https://christitus.com/windev alias.
+    This script is used as a target for the https://christitus.com/windev alias.
-    It queries the latest winget release (no matter if Pre-Release, Draft or Full Release) and invokes It
+    It queries the latest WinUtil release (no matter if it's a Pre-Release, Draft, or Full Release) and runs it.
 .DESCRIPTION
-    This Script provides a simple way to always start the bleeding edge release even if it's not yet a full release.
+    This script provides a simple way to start the bleeding edge release even if it's not yet a full release.
-    This function should be run with administrative privileges.
+    This function can be run both with administrator and non-administrator permissions.
-    Because this way of recursively invoking scripts via Invoke-Expression it might very well happen that AV Programs flag this because it's a common way of mulitstage exploits to run
+    If it is not running as administrator, it will attempt to relaunch itself with administrator permissions.
    The script no longer uses Invoke-Expression for its execution and now relies on Start-Process.
 .EXAMPLE
-    irm https://christitus.com/windev | iex
+    Run in PowerShell > irm https://christitus.com/windev | iex
    OR
-    Run in Admin Powershell >  ./windev.ps1
+    Run in PowerShell > .\windev.ps1
    OR
    Run in PowerShell > iex "& { $(irm https://christitus.com/windev) } <arguments>"
    OR
    Run in PowerShell > .\windev.ps1 <arguments>
 #>
-# Function to fetch the latest release tag from the GitHub API
+# Define the arguments for the WinUtil script; enables argument auto-completion.
-function Get-LatestRelease {
+param (
    [switch]$Debug,
    [string]$Config,
    [switch]$Run
 )
 # Speed up download-related tasks by suppressing the output of Write-Progress.
 $ProgressPreference = "SilentlyContinue"
 # Determine whether or not the active process is currently running as administrator.
 $ProcessIsElevated = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
 # Function to get the latest stable or pre-release tag from the repository's releases page.
 function Get-WinUtilReleaseTag {
    # Retrieve the list of released versions from the repository's releases page.
    try {
-        $releases = Invoke-RestMethod -Uri 'https://api.github.com/repos/ChrisTitusTech/winutil/releases'
+        $ReleasesList = Invoke-RestMethod 'https://api.github.com/repos/ChrisTitusTech/winutil/releases'
        $latestRelease = $releases | Where-Object {$_.prerelease -eq $true} | Select-Object -First 1
        return $latestRelease.tag_name
    } catch {
-        Write-Host "Error fetching release data: $_" -ForegroundColor Red
+        Write-Host "Error downloading WinUtil's releases list: $_" -ForegroundColor Red
-        return $latestRelease.tag_name
+        break
    }
 }
-# Function to redirect to the latest pre-release version
+    # Filter through the released versions and select the first matching stable or pre-release version.
-function RedirectToLatestPreRelease {
+    $StableRelease = $ReleasesList | Where-Object { -not $_.prerelease } | Select-Object -First 1
-    $latestRelease = Get-LatestRelease
+    $PreRelease = $ReleasesList | Where-Object { $_.prerelease } | Select-Object -First 1
-    if ($latestRelease) {
+
-        $url = "https://github.com/ChrisTitusTech/winutil/releases/download/$latestRelease/winutil.ps1"
+    # Set the release tag based on the available releases; if no release tag is found use the 'latest' tag.
    $ReleaseTag = if ($PreRelease) {
        $PreRelease.tag_name
    } elseif ($StableRelease) {
        $StableRelease.tag_name
    } else {
-        Write-Host 'Unable to determine latest pre-release version.' -ForegroundColor Red
+        "latest"
        Write-Host "Using latest Full Release"
        $url = "https://github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1"
    }
-    $script = Invoke-RestMethod $url
+    # Return the release tag to facilitate the usage of the version number within other parts of the script.
-    # Elevate Shell if necessary
+    return $ReleaseTag
-    if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
+}
        Write-Output "Winutil needs to be run as Administrator. Attempting to relaunch."
-        $powershellcmd = if (Get-Command pwsh -ErrorAction SilentlyContinue) { "pwsh" } else { "powershell" }
+# Get the latest stable or pre-release tag; falling back to the 'latest' release tag if no releases are found.
-        $processCmd = if (Get-Command wt.exe -ErrorAction SilentlyContinue) { "wt.exe" } else { $powershellcmd }
+$WinUtilReleaseTag = Get-WinUtilReleaseTag
-        Start-Process $processCmd -ArgumentList "$powershellcmd -ExecutionPolicy Bypass -NoProfile -Command $(Invoke-Expression $script)" -Verb RunAs
+# Function to generate the URL used to download the latest release of WinUtil from the releases page.
 function Get-WinUtilReleaseURL {
    $WinUtilDownloadURL = if ($WinUtilReleaseTag -eq "latest") {
        "https://github.com/ChrisTitusTech/winutil/releases/$($WinUtilReleaseTag)/download/winutil.ps1"
    } else {
        "https://github.com/ChrisTitusTech/winutil/releases/download/$($WinUtilReleaseTag)/winutil.ps1"
    }
-    else{
+
-        Invoke-Expression $script
+    return $WinUtilDownloadURL
 }
 # Get the URL used to download the latest release of WinUtil from the releases page.
 $WinUtilReleaseURL = Get-WinUtilReleaseURL
 # Create the file path that the latest WinUtil release will be downloaded to on the local disk.
 $WinUtilScriptPath = Join-Path "$env:TEMP" "winutil.ps1"
 # Function to download the latest release of WinUtil from the releases page to the local disk.
 function Get-LatestWinUtil {
    if (!(Test-Path $WinUtilScriptPath)) {
        Write-Host "WinUtil is not found. Downloading WinUtil '$($WinUtilReleaseTag)'..." -ForegroundColor DarkYellow
        Invoke-RestMethod $WinUtilReleaseURL -OutFile $WinUtilScriptPath
    }
 }
-# Call the redirect function
+# Function to check for any version changes to WinUtil, re-downloading the script if it has been upgraded/downgraded.
 function Get-WinUtilUpdates {
    # Make a web request to the latest WinUtil release URL and store the script's raw code for processing.
    $RawWinUtilScript = (Invoke-WebRequest $WinUtilReleaseURL -UseBasicParsing).RawContent
-RedirectToLatestPreRelease
+    # Create the regular expression pattern used to extract the script's version number from the script's raw content.
    $VersionExtractionRegEx = "(\bVersion\s*:\s)([\d.]+)"
    # Match the entire 'Version:' header and extract the script's version number directly using RegEx capture groups.
    $RemoteWinUtilVersion = (([regex]($VersionExtractionRegEx)).Match($RawWinUtilScript).Groups[2].Value)
    $LocalWinUtilVersion = (([regex]($VersionExtractionRegEx)).Match((Get-Content $WinUtilScriptPath)).Groups[2].Value)
    # Check if WinUtil needs an update and either download a fresh copy or notify the user its already up-to-date.
    if ([version]$RemoteWinUtilVersion -ne [version]$LocalWinUtilVersion) {
        Write-Host "WinUtil is out-of-date. Downloading WinUtil '$($RemoteWinUtilVersion)'..." -ForegroundColor DarkYellow
        Invoke-RestMethod $WinUtilReleaseURL -OutFile $WinUtilScriptPath
    } else {
        Write-Host "WinUtil is already up-to-date. Skipped update checking." -ForegroundColor Yellow
    }
 }
 # Function to start the latest release of WinUtil that was previously downloaded and saved to '$env:TEMP\winutil.ps1'.
 function Start-LatestWinUtil {
    param (
        [Parameter(Mandatory = $false)]
        [array]$WinUtilArgumentsList
    )
    # Setup the commands used to launch WinUtil using Windows Terminal or Windows PowerShell/PowerShell Core.
    $PowerShellCommand = if (Get-Command pwsh.exe -ErrorAction SilentlyContinue) { "pwsh.exe" } else { "powershell.exe" }
    $ProcessCommand = if (Get-Command wt.exe -ErrorAction SilentlyContinue) { "wt.exe" } else { $PowerShellCommand }
    # Setup the script's launch arguments based on the presence of Windows Terminal or Windows PowerShell/PowerShell Core:
    # 1. Windows Terminal needs the name of the process to start ($PowerShellCommand) in addition to the launch arguments.
    # 2. Windows PowerShell and PowerShell Core can receive and use the launch arguments as is without extra modification.
    $WinUtilLaunchArguments = "-ExecutionPolicy Bypass -NoProfile -File `"$WinUtilScriptPath`""
    if ($ProcessCommand -ne $PowerShellCommand) {
        $WinUtilLaunchArguments = "$PowerShellCommand $WinUtilLaunchArguments"
    }
    # If WinUtil's launch arguments are provided, append them to the end of the list of current launch arguments.
    if ($WinUtilArgumentsList) {
        $WinUtilLaunchArguments += " " + $($WinUtilArgumentsList -join " ")
    }
    # If the WinUtil script is not running as administrator, relaunch the script with administrator permissions.
    if (!$ProcessIsElevated) {
        Write-Host "WinUtil is not running as administrator. Relaunching..." -ForegroundColor DarkCyan
        Write-Host "Running the selected WinUtil release: Version '$($WinUtilReleaseTag)'." -ForegroundColor Green
        Start-Process $ProcessCommand -ArgumentList $WinUtilLaunchArguments -Verb RunAs
    } else {
        Write-Host "Running the selected WinUtil release: Version '$($WinUtilReleaseTag)'." -ForegroundColor Green
        Start-Process $ProcessCommand -ArgumentList $WinUtilLaunchArguments
    }
 }
 # If WinUtil has not already been downloaded, attempt to download it and save it to '$env:TEMP\winutil.ps1'.
 try {
    Get-LatestWinUtil
 } catch {
    Write-Host "Error downloading WinUtil '$($WinUtilReleaseTag)': $_" -ForegroundColor Red
    break
 }
 # Attempt to check for WinUtil updates, if a version is released or removed this will re-download WinUtil.
 try {
    Get-WinUtilUpdates
 } catch {
    Write-Host "Error updating WinUtil '$($WinUtilReleaseTag)': $_" -ForegroundColor Red
    break
 }
 # Attempt to start the latest release of WinUtil saved to the local disk; also supports WinUtil's arguments.
 try {
    if ($args) {
        Start-LatestWinUtil $args
    } else {
        Start-LatestWinUtil
    }
 } catch {
    Write-Host "Error launching WinUtil '$($WinUtilReleaseTag)': $_" -ForegroundColor Red
 }