将 CurrentDirectory 从未提升的脚本转移到提升的脚本

Question

我需要将与脚本（在我的闪存驱动器中）位于同一目录中的文件“manufacturer.bmp”复制到system32 目录。

我成功地获取了变量sourcefile、destinationdirectory，并提升了我的脚本，但是当我提升它时，我的sourcefile 变量丢失了，因为使用了CurrentDirectory，不同之处在于这种模式。

Set shell = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

CurrentDirectory = fso.GetAbsolutePathName(".")
sourcefile = fso.buildpath(CurrentDirectory, "manufacturer.bmp")
MsgBox(sourcefile)

'Checks if the script is running elevated (UAC)
Function isElevated
  Set shell = CreateObject("WScript.Shell")
  Set whoami = shell.Exec("whoami /groups")
  Set whoamiOutput = whoami.StdOut
  strWhoamiOutput = whoamiOutput.ReadAll

  If InStr(1, strWhoamiOutput, "S-1-16-12288", vbTextCompare) Then 
    isElevated = True
  Else
    isElevated = False
  End If
End Function

'Re-runs the process prompting for priv elevation on re-run
Sub uacPrompt
  'Check if we need to run in C or W script
  interpreter = "wscript.exe"
  If InStr(1, WScript.FullName, "CScript", vbTextCompare) = 0 Then
    interpreter = "wscript.exe"
  Else
    interpreter = "cscript.exe"
  End If

  'Start a new instance with an elevation prompt first
  Set shellApp = CreateObject("Shell.Application")
  shellApp.ShellExecute interpreter, Chr(34) & WScript.ScriptFullName & _
    Chr(34) & " uac", "", "runas", 1

  'End the non-elevated instance
  WScript.Quit
End Sub

'Make sure we are running elevated, prompt if not
If Not isElevated Then uacPrompt

destinationdir = fso.buildpath(shell.ExpandEnvironmentStrings("%windir%"), _
                 "system32")
MsgBox(destinationdir)

fso.CopyFile sourcefile, destinationdir

知道如何将我的源文件 var 推送到子提升脚本吗？

Answer 1

ShellExecute 方法允许您将工作目录指定为 3^rd 参数，因此您可以将当前目录传递给提升的脚本并在提升后构建sourcefile 路径。此外，您的代码还可以精简很多。

Const HKLM   = &h80000002
Const DELETE = &h10000

Set sh = CreateObject("WScript.Shell")

Set reg = GetObject("winmgmts://./root/default:StdRegProv")
reg.CheckAccess HKLM, "SYSTEM\CurrentControlSet", DELETE, isAdmin

If Not isAdmin Then
  If WScript.Arguments.Count = 0 Then
    CreateObject("Shell.Application").ShellExecute WScript.FullName, _
      Chr(34) & WScript.ScriptFullName & Chr(34) & " uac", _
      sh.CurrentDirectory, "runas", 1
    WScript.Quit 0
  Else
    WScript.Echo "Privilege elevation failed!"
    WScript.Quit 1
  End If
End If

Set fso = CreateObject("Scripting.FileSystemObject")

src = fso.BuildPath(sh.CurrentDirectory, "manufacturer.bmp")
dst = fso.buildpath(sh.ExpandEnvironmentStrings("%windir%"), "system32")

fso.CopyFile src, dst & "\"

编辑： 或者至少如果您不提升流程，它会这样工作。根据 Raymond Chen 的this blog post，在提升进程时忽略启动目录，因此当前目录中的恶意 DLL 不会被错误地加载到提升的进程中。这意味着您必须“手动”传递工作目录，如下所示：

Const HKLM   = &h80000002
Const DELETE = &h10000

Set sh = CreateObject("WScript.Shell")

Set reg = GetObject("winmgmts://./root/default:StdRegProv")
reg.CheckAccess HKLM, "SYSTEM\CurrentControlSet", DELETE, isAdmin

If Not isAdmin Then
  If WScript.Arguments.Count = 0 Then
    CreateObject("Shell.Application").ShellExecute WScript.FullName, _
      Chr(34) & WScript.ScriptFullName & Chr(34) & " " & _
      Chr(34) & sh.CurrentDirectory & Chr(34), , "runas", 1
    WScript.Quit 0
  Else
    WScript.Echo "Privilege elevation failed!"
    WScript.Quit 1
  End If
End If

sh.CurrentDirectory = WScript.Arguments(0)

Set fso = CreateObject("Scripting.FileSystemObject")

src = fso.BuildPath(sh.CurrentDirectory, "manufacturer.bmp")
dst = fso.buildpath(sh.ExpandEnvironmentStrings("%windir%"), "system32")

fso.CopyFile src, dst & "\"

请注意，由于您的目标路径是一个文件夹，它必须有一个尾部反斜杠（如documented）。