swap powershell write to command instead

Signed-off-by: si458 <[email protected]>
Ylianst · Nov 6, 2024 · 7d59210 · 7d59210
1 parent fc387ca
commit 7d59210
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 13 deletions.
diff --git a/agents/meshcore.js b/agents/meshcore.js
@@ -249,7 +249,7 @@ function lockDesktop(uid) {
         case 'win32':
             {
                 var options = { type: 1, uid: uid };
-                var child = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'RunDll32.exe user32.dll,LockWorkStation'], options);
+                var child = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['cmd', '/c', 'RunDll32.exe user32.dll,LockWorkStation'], options);
                 child.waitExit();
             }
             break;

diff --git a/agents/modules_meshcore/computer-identifiers.js b/agents/modules_meshcore/computer-identifiers.js
@@ -431,11 +431,12 @@ function windows_volumes()
     p1._p2 = p2;
     p2._p1 = p1;
 
-    var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-']);
+    var cmd = '"Get-Volume | Select-Object -Property DriveLetter,FileSystemLabel,FileSystemType,Size,SizeRemaining,DriveType | ConvertTo-Csv -NoTypeInformation"';
+    var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd]);
     p1.child = child;
     child.promise = p1;
     child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
-    child.stdin.write('Get-Volume | Select-Object -Property DriveLetter,FileSystemLabel,FileSystemType,Size,SizeRemaining,DriveType | ConvertTo-Csv -NoTypeInformation\r\nexit\r\n');
+    child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
     child.on('exit', function (c)
     {
         var a, i, tokens, key;
@@ -466,12 +467,13 @@ function windows_volumes()
         var ret = j.r;
         var tokens = j.t;
 
-        var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-']);
+        var cmd = '"Get-BitLockerVolume | Select-Object -Property MountPoint,VolumeStatus,ProtectionStatus | ConvertTo-Csv -NoTypeInformation"';
+        var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd]);
         p2.child = child;
         child.promise = p2;
         child.tokens = tokens;
         child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
-        child.stdin.write('Get-BitLockerVolume | Select-Object -Property MountPoint,VolumeStatus,ProtectionStatus | ConvertTo-Csv -NoTypeInformation\r\nexit\r\n');
+        child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
         child.on('exit', function ()
         {
             var i;
@@ -486,7 +488,7 @@ function windows_volumes()
                     ret[key].protectionStatus = tokens[2].split('"')[1];
                     try {
                         var foundIDMarkedLine = false, foundMarkedLine = false, identifier = '', password = '';
-                        var keychild = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'manage-bde -protectors -get ', tokens[0].split('"')[1], ' -Type recoverypassword'], {});
+                        var keychild = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['cmd', '/c', 'manage-bde -protectors -get ', tokens[0].split('"')[1], ' -Type recoverypassword'], {});
                         keychild.stdout.str = ''; keychild.stdout.on('data', function (c) { this.str += c.toString(); });
                         keychild.waitExit();
                         var lines = keychild.stdout.str.trim().split('\r\n');
@@ -801,13 +803,12 @@ function hexToAscii(hexString) {
 function win_chassisType()
 {
     // needs to be replaced with win-wmi but due to bug in win-wmi it doesnt handle arrays correctly
-    var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-'], {});
+    var cmd = '"Get-CimInstance Win32_SystemEnclosure | Select-Object -ExpandProperty ChassisTypes"';
+    var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd], {});
     if (child == null) { return ([]); }
     child.descriptorMetadata = 'process-manager';
     child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
     child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
-    child.stdin.write('Get-CimInstance Win32_SystemEnclosure| Select-Object -ExpandProperty ChassisTypes\r\n');
-    child.stdin.write('exit\r\n');
     child.waitExit();
     try {
         return (parseInt(child.stdout.str));

diff --git a/agents/modules_meshcore/win-info.js b/agents/modules_meshcore/win-info.js
@@ -243,12 +243,11 @@ function installedApps()
 function defender(){
     var promise = require('promise');
     var ret = new promise(function (a, r) { this._resolve = a; this._reject = r; });
-    ret.child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-'], {});
+    var cmd = '"Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled,IsTamperProtected | ConvertTo-JSON"';
+    ret.child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd], {});
     ret.child.promise = ret;
     ret.child.stdout.str = ''; ret.child.stdout.on('data', function (c) { this.str += c.toString(); });
     ret.child.stderr.str = ''; ret.child.stderr.on('data', function (c) { this.str += c.toString(); });
-    ret.child.stdin.write('Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled,IsTamperProtected | ConvertTo-JSON\r\n');
-    ret.child.stdin.write('exit\r\n');
     ret.child.on('exit', function (c) { 
         if (this.stdout.str == '') { this.promise._resolve({}); return; }
         var abc = JSON.parse(this.stdout.str.trim())

diff --git a/agents/recoverycore.js b/agents/recoverycore.js
@@ -870,7 +870,7 @@ function onTunnelControlData(data, ws) {
                     if (process.platform == 'win32') {
                         MeshServerLog("Locking remote user out of desktop", ws.httprequest);
                         var child = require('child_process');
-                        child.execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'RunDll32.exe user32.dll,LockWorkStation'], { type: 1 });
+                        child.execFile(process.env['windir'] + '\\system32\\cmd.exe', ['cmd', '/c', 'RunDll32.exe user32.dll,LockWorkStation'], { type: 1 });
                     }
                 } catch (e) { }
                 break;