[PR #6] [MERGED] Tidy up PInvoke code and use elevated token if possible #4

Closed
opened 2026-03-03 13:56:45 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/KelvinTegelaar/RunAsUser/pull/6
Author: @jborean93
Created: 7/15/2020
Status: Merged
Merged: 7/16/2020
Merged by: @KelvinTegelaar

Base: master ← Head: pinvoke


📝 Commits (1)

  • d057205 Tidy up PInvoke code and use elevated token if possible

📊 Changes

2 files changed (+315 additions, -177 deletions)

View changed files

📝 Public/Invoke-AsCurrentUser.ps1 (+12 -5)
📝 runasuser.psm1 (+303 -172)

📄 Description

This makes a few changes. These changes are technically changes in behaviour:

  • Uses the PowerShell executable of the current process instead of hard coding to C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  • Will use the elevated token if available, before it used whatever was the default settings based on the UAC policies
  • Changed the exceptions to error messages, this allows the cmdlet to follow the -ErrorAction behaviour defined by the caller

The following are "bugfixes"

  • Fixed the arguments being sent to CreateProcessAsUser
    • The first argument should be the full path to the executable that is run, this was correct before
    • The second argument should include the full path to the executable then the remaining args
    • The current code just ignored the first arg -bypassexecutionpolicy which wasn't correct because it was seen as the module name and not an arg
    • Once fixing that I also fixed -bypassexecutionpolicy to be -ExecutionPolicy Bypass
  • Tidied up the PInvoke code
    • Use safe handles to guarantee unmanaged resources were disposed where possible
    • Have StartProcessAsCurrentUser return the process id in case that is needed in the future
    • Fix some PInvoke definitions to use the Unicode variant and some return values that could be optimised
    • Made sure WTSFreeMemory was called as the current code caused a memory leak, albeit a minor one
    • Used a better exception formatter to have exception messages contain the actual error details of a failure
    • The code should now be loadable in PowerShell 6+

Fixes https://github.com/KelvinTegelaar/RunAsUser/issues/3

I was personally unable to actually run anything even with the old code due to it trying to start up on the interactive desktop. For testing I had to comment out github.com/KelvinTegelaar/RunAsUser@d057205e35/runasuser.psm1 (L308) but I assume this behaviour is desired for RMM. Please let me know if you have any issues with the changes.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
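
The CreateProcessAsUser argument fix listed in the description, shown as an added sketch that is not code from RunAsUser: the executable path goes in lpApplicationName, and lpCommandLine must repeat that path as its first token, otherwise the first real switch is consumed as argv[0]. The function names and the sample script path are hypothetical, and the quoting follows the CommandLineToArgvW rules.

```powershell
# Added example, not code from the RunAsUser module.
# Function names and the sample script path are hypothetical.

function ConvertTo-QuotedArgument {
    # Quote one argument so CommandLineToArgvW / the C runtime parse it back unchanged.
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Argument)

    # No whitespace, no quote and not empty: safe to pass as-is.
    if ($Argument -ne '' -and $Argument -notmatch '[\s"]') {
        return $Argument
    }
    # Double any backslashes that precede a quote, then escape the quote itself.
    $escaped = $Argument -replace '(\\*)"', '$1$1\"'
    # Double trailing backslashes so they do not escape the closing quote.
    $escaped = $escaped -replace '(\\+)$', '$1$1'
    return '"' + $escaped + '"'
}

function New-PowerShellCommandLine {
    # Build the two string values CreateProcessAsUser expects.
    param(
        [Parameter(Mandatory)][string]$ScriptPath,
        [string[]]$ScriptArguments = @()
    )
    # Executable of the running host instead of a hard-coded powershell.exe path.
    $exe = (Get-Process -Id $PID).Path

    # argv[0] is the executable itself; the switches only start at argv[1].
    $argv = @($exe, '-ExecutionPolicy', 'Bypass', '-File', $ScriptPath) + $ScriptArguments
    $commandLine = ($argv | ForEach-Object { ConvertTo-QuotedArgument -Argument $_ }) -join ' '

    [pscustomobject]@{
        ApplicationName = $exe          # value for lpApplicationName
        CommandLine     = $commandLine  # value for lpCommandLine
    }
}

# Constructed sample input: a path with a space and an argument containing quotes.
New-PowerShellCommandLine -ScriptPath 'C:\Program Files\Example\task.ps1' -ScriptArguments 'a "b" c'
```

If the command line started with `-ExecutionPolicy`, the child process would treat that token as its program name and never apply it, which is the behaviour the description reports for the old `-bypassexecutionpolicy` argument.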
