将带有复杂参数的ScriptBlock传递给新的PowerShell实例

发布于 2025-02-12 21:23:39 字数 864 浏览 3 评论 0 原文

我想用复杂的参数执行以下脚本。例如，使用[Securestring]。

$text = "'This is a test message.'"

$ArgumentList = @( $text, $PID ) -join ", "
$cmd = { param([string]$msg, [int]$proc ); Write-Host "$msg FROM PID: $proc" }
$Command = "Invoke-Command -ScriptBlock {$cmd} -ArgumentList $ArgumentList"

Start-Process -Filepath powershell -ArgumentList "-noexit -command ( $Command )"

这个脚本很好。
我将此脚本转换为新脚本，

$text = "'This is a test message.'"
$Cred = get-credential
$ArgumentList = @( $text, $PID, $credential ) -join ", "
$cmd = { param([string]$msg, [int]$proc, $Credential ); Write-Host "$msg FROM PID: $proc, cred: $( $Credential.username )" }
$Command = "Invoke-Command -ScriptBlock {$cmd} -ArgumentList $ArgumentList"

Start-Process -Filepath powershell -ArgumentList "-noexit -command ( $Command )"

我有一个错误。如何通过论据？

原文

I want to execute the following script with complex arguments. For example with [securestring].

$text = "'This is a test message.'"

$ArgumentList = @( $text, $PID ) -join ", "
$cmd = { param([string]$msg, [int]$proc ); Write-Host "$msg FROM PID: $proc" }
$Command = "Invoke-Command -ScriptBlock {$cmd} -ArgumentList $ArgumentList"

Start-Process -Filepath powershell -ArgumentList "-noexit -command ( $Command )"

this script worked fine.
i`m transform this script into the new one

$text = "'This is a test message.'"
$Cred = get-credential
$ArgumentList = @( $text, $PID, $credential ) -join ", "
$cmd = { param([string]$msg, [int]$proc, $Credential ); Write-Host "$msg FROM PID: $proc, cred: $( $Credential.username )" }
$Command = "Invoke-Command -ScriptBlock {$cmd} -ArgumentList $ArgumentList"

Start-Process -Filepath powershell -ArgumentList "-noexit -command ( $Command )"

I have an error.
How to pass arguments right?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

野の 2025-02-19 21:23:39

如 @mathias ，我会考虑在整个过程中运行整个过程 ”

Start-Process -Credential $cred -Filepath powershell -ArgumentList "-noexit -command ( $Command )"

无论如何，您也可以序列化（全部）您的参数，然后将其转换为 base64 base64 base64 当您传递它时，多个解释器：

$text = "This is a test message."
$Cred = get-credential
$Arguments = @{
    Msg  = $Text
    Proc = $PID
    Cred = $Cred
}
$Serialized = [System.Management.Automation.PSSerializer]::Serialize($Arguments)
$Bytes = [System.Text.Encoding]::Unicode.GetBytes($Serialized)
$Base64 =[Convert]::ToBase64String($Bytes)
$cmd = {
    param([String]$Base64)
    $Serialized = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($Base64))
    $Arguments = [System.Management.Automation.PSSerializer]::Deserialize($Serialized)
    Write-Host " $($Arguments.msg) FROM PID: $($Arguments.proc), cred: $( $Arguments.Cred.Username)"
}
$Command = "Invoke-Command -ScriptBlock {$cmd} -ArgumentList $Base64"

Start-Process -Filepath powershell -ArgumentList "-noexit -command ( $Command )"

注意： 默认使用Windows Data Protection API，并且用于加密密码的密钥是特定于用户和机器的代码正在运行。

As suggested by @Mathias, I would consider to run the whole process under the specific credentials

Start-Process -Credential $cred -Filepath powershell -ArgumentList "-noexit -command ( $Command )"

Anyways, you might also serialize (all) your arguments and convert it to Base64 as you passing it trough multiple interpreters:

$text = "This is a test message."
$Cred = get-credential
$Arguments = @{
    Msg  = $Text
    Proc = $PID
    Cred = $Cred
}
$Serialized = [System.Management.Automation.PSSerializer]::Serialize($Arguments)
$Bytes = [System.Text.Encoding]::Unicode.GetBytes($Serialized)
$Base64 =[Convert]::ToBase64String($Bytes)
$cmd = {
    param([String]$Base64)
    $Serialized = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($Base64))
    $Arguments = [System.Management.Automation.PSSerializer]::Deserialize($Serialized)
    Write-Host " $($Arguments.msg) FROM PID: $($Arguments.proc), cred: $( $Arguments.Cred.Username)"
}
$Command = "Invoke-Command -ScriptBlock {$cmd} -ArgumentList $Base64"

Start-Process -Filepath powershell -ArgumentList "-noexit -command ( $Command )"

Note: that Get-Credential by default uses the Windows data protection API, and the key used to encrypt the password is specific to both the user and the machine that the code is running under.