implement a service for managing windows packages

melo936 · melo936 · commit 624d149dd45d · 2024-05-21T15:50:50.000+04:00
- cli support
- migrate defender packages related stuff to winpackages
diff --git a/lib/commands/security_command.dart b/lib/commands/security_command.dart
@@ -2,11 +2,12 @@ import 'dart:async';
 import 'dart:io';
 
 import 'package:args/command_runner.dart';
+import 'package:process_run/shell_run.dart';
 import 'package:revitool/services/security_service.dart';
 
 class DefenderCommand extends Command<String> {
   static final _securityService = SecurityService();
-
+  static final _shell = Shell();
   String get tag => "[Security - Defender]";
 
   @override
@@ -55,6 +56,12 @@ Virus and Threat Protections Status: ${_securityService.statusDefenderProtection
         '$tag Checking if Virus and Threat Protections are enabled...');
 
     while (_securityService.statusDefenderProtections) {
+      if (!_securityService.statusDefenderProtectionTamper) {
+        await _shell.run(
+            'PowerShell -EP Unrestricted -NonInteractive -NoLogo -NoP Set-MpPreference -DisableRealtimeMonitoring \$true');
+        continue;
+      }
+
       stdout.writeln('$tag Please disable Realtime and Tamper Protections');
       await _securityService.openDefenderThreatSettings();
 
diff --git a/lib/commands/win_package_command.dart b/lib/commands/win_package_command.dart
@@ -0,0 +1,75 @@
+import 'dart:async';
+import 'dart:io';
+
+import 'package:args/command_runner.dart';
+import 'package:revitool/services/win_package_service.dart';
+
+class WindowsPackageCommand extends Command<String> {
+  static final _winPackageService = WinPackageService();
+
+  static const tag = "[Windows Package]";
+
+  @override
+  String get description => '[$tag] A command to manage Windows Defender';
+
+  @override
+  String get name => 'winpackage';
+
+  WindowsPackageCommand() {
+    argParser.addOption(
+      'install',
+      help: 'Install a package',
+      allowed: const ['system-components-removal', 'defender-removal'],
+    );
+    argParser.addOption(
+      'uninstall',
+      help: 'Uninstall a package',
+      allowed: const ['system-components-removal', 'defender-removal'],
+    );
+  }
+
+  @override
+  FutureOr<String>? run() async {
+    final installOption = argResults?.option('install');
+    final uninstallOption = argResults?.option('uninstall');
+
+    if (installOption != null) {
+      await _installPackage(installOption);
+    } else if (uninstallOption != null) {
+      await _uninstallPackage(getPackageType(uninstallOption));
+    } else {
+      stderr.writeln('$tag Invalid command');
+    }
+    exit(0);
+  }
+
+  WinPackageType getPackageType(final String package) {
+    switch (package) {
+      case 'system-components-removal':
+        return WinPackageType.systemComponentsRemoval;
+      case 'defender-removal':
+        return WinPackageType.defenderRemoval;
+      default:
+        throw Exception('Invalid package: $package');
+    }
+  }
+
+  Future<void> _installPackage(final String parameter) async {
+    try {
+      final mode = getPackageType(parameter);
+
+      stdout.writeln('$tag Downloading package: ${mode.packageName}');
+      await _winPackageService.downloadPackage(mode);
+
+      stdout.writeln('$tag Installing package: ${mode.packageName}');
+      await _winPackageService.installPackage(mode);
+    } catch (e) {
+      stderr.writeln('$tag $e');
+    }
+  }
+
+  Future<void> _uninstallPackage(final WinPackageType packageType) async {
+    stdout.writeln('$tag Uninstalling package: ${packageType.packageName}');
+    await _winPackageService.uninstallPackage(packageType);
+  }
+}
diff --git a/lib/main.dart b/lib/main.dart
@@ -9,6 +9,7 @@ import 'package:package_info_plus/package_info_plus.dart';
 import 'package:revitool/commands/ms_store_command.dart';
 import 'package:revitool/commands/recommendation_command.dart';
 import 'package:revitool/commands/security_command.dart';
+import 'package:revitool/commands/win_package_command.dart';
 import 'package:revitool/l10n/generated/localizations.dart';
 import 'package:revitool/providers/l10n_provider.dart';
 import 'package:revitool/screens/home_page.dart';
@@ -55,7 +56,8 @@ Future<void> main(List<String> args) async {
     stdout.writeln("Running Revision Tool ${packageInfo.version}");
     final runner = CommandRunner<String>("revitool", "Revision Tool CLI")
       ..addCommand(MSStoreCommand())
-      ..addCommand(DefenderCommand());
+      ..addCommand(DefenderCommand())
+      ..addCommand(WindowsPackageCommand());
     // ..addCommand(RecommendationCommand());
     await runner.run(args);
     exit(0);
diff --git a/lib/services/security_service.dart b/lib/services/security_service.dart
@@ -3,6 +3,7 @@ import 'dart:io';
 import 'package:collection/collection.dart';
 import 'package:mixin_logger/mixin_logger.dart';
 import 'package:revitool/services/network_service.dart';
+import 'package:revitool/services/win_package_service.dart';
 import 'package:win32_registry/win32_registry.dart';
 
 import '../utils.dart';
@@ -14,6 +15,7 @@ import 'package:path/path.dart' as p;
 class SecurityService implements SetupService {
   static final _shell = Shell();
   static final _networkService = NetworkService();
+  static final _winPackageService = WinPackageService();
 
   static const _instance = SecurityService._private();
 
@@ -34,30 +36,28 @@ class SecurityService implements SetupService {
   }
 
   bool get statusDefender {
-    const path =
-        r'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\';
-    final String? key = Registry.openPath(RegistryHive.localMachine, path: path)
-        .subkeyNames
-        .lastWhereOrNull((element) =>
-            element.startsWith("Revision-ReviOS-Defender-Removal"));
-
-    return key == null ||
-        RegistryUtilsService.readInt(
-                RegistryHive.localMachine, path + key, 'CurrentState') ==
-            5; // installation codes - https://forums.ivanti.com/s/article/Understand-Patch-installation-failure-codes?language=en_US
+    return !_winPackageService
+        .checkPackageInstalled(WinPackageType.defenderRemoval);
   }
 
   bool get statusDefenderProtections {
-    return (RegistryUtilsService.readInt(
-                RegistryHive.localMachine,
-                r'SOFTWARE\Microsoft\Windows Defender\Features',
-                'TamperProtection') !=
-            4 ||
-        RegistryUtilsService.readInt(
-                RegistryHive.localMachine,
-                r'SOFTWARE\Microsoft\Windows Defender\Real-Time Protection',
-                'DisableRealtimeMonitoring') !=
-            1);
+    return statusDefenderProtectionTamper || statusDefenderProtectionRealtime;
+  }
+
+  bool get statusDefenderProtectionTamper {
+    return RegistryUtilsService.readInt(
+            RegistryHive.localMachine,
+            r'SOFTWARE\Microsoft\Windows Defender\Features',
+            'TamperProtection') !=
+        4;
+  }
+
+  bool get statusDefenderProtectionRealtime {
+    return RegistryUtilsService.readInt(
+            RegistryHive.localMachine,
+            r'SOFTWARE\Microsoft\Windows Defender\Real-Time Protection',
+            'DisableRealtimeMonitoring') !=
+        1;
   }
 
   Future<ProcessResult> openDefenderThreatSettings() async {
@@ -86,8 +86,7 @@ class SecurityService implements SetupService {
       RegistryUtilsService.writeDword(Registry.localMachine,
           r'SOFTWARE\Microsoft\Windows Defender', 'DisableAntiVirus', 0);
 
-      await _shell.run(
-          'PowerShell -NonInteractive -NoLogo -NoP -C "Get-WindowsPackage -Online -PackageName \'Revision-ReviOS-Defender-Removal*\' | Remove-WindowsPackage -Online -NoRestart"');
+      await _winPackageService.uninstallPackage(WinPackageType.defenderRemoval);
 
       await _shell.run(
           'start /WAIT /MIN /B "" "%systemroot%\\System32\\gpupdate.exe" /Target:Computer /Force');
@@ -103,27 +102,7 @@ class SecurityService implements SetupService {
   }
 
   Future<void> disableDefender() async {
-    final cabPath = p.join(Directory.systemTemp.path, 'Revision-Tool', 'CAB');
-    if (await Directory(cabPath).exists()) {
-      try {
-        await Directory(cabPath).delete(recursive: true);
-      } catch (e) {
-        stderr.writeln('Failed to delete CAB directory: $e');
-      }
-    }
-
-    final Map<String, dynamic> json =
-        await _networkService.getGHLatestRelease(ApiEndpoints.cabPackages);
-    final List<dynamic> assests = json['assets'];
-    String name = '';
-
-    final String downloadUrl = assests.firstWhereOrNull((element) {
-      name = element['name'];
-      return name
-              .startsWith("Revision-ReviOS-Defender-Removal31bf3856ad364e35") &&
-          name.contains(RegistryUtilsService.cpuArch);
-    })['browser_download_url'];
-    await _networkService.downloadFile(downloadUrl, "$cabPath\\$name");
+    await _winPackageService.downloadPackage(WinPackageType.defenderRemoval);
 
     RegistryUtilsService.writeDword(
         Registry.localMachine,
@@ -149,9 +128,7 @@ class SecurityService implements SetupService {
     await _shell.run(
         '"$directoryExe\\MinSudo.exe" --NoLogo --TrustedInstaller reg add "HKLM\\SOFTWARE\\Microsoft\\Windows Defender" /v DisableAntiVirus /t REG_DWORD /d 1 /f');
 
-    // running it via TrustedInstaller causes 'Win32 internal error "Access is denied" 0x5 occurred while reading the console output buffer'
-    await _shell.run(
-        "powershell -EP Unrestricted -NoLogo -NonInteractive -NoP -File \"$directoryExe\\cab-installer.ps1\" -Path \"$cabPath\"");
+    await _winPackageService.installPackage(WinPackageType.defenderRemoval);
   }
 
   bool get statusUAC {
diff --git a/lib/services/win_package_service.dart b/lib/services/win_package_service.dart
@@ -0,0 +1,87 @@
+import 'dart:io';
+import 'package:collection/collection.dart';
+import 'package:path/path.dart' as p;
+import 'package:process_run/shell.dart';
+
+import 'package:revitool/services/network_service.dart';
+import 'package:revitool/services/registry_utils_service.dart';
+import 'package:revitool/utils.dart';
+import 'package:win32_registry/win32_registry.dart';
+
+enum WinPackageType {
+  systemComponentsRemoval(
+      packageName: 'Revision-ReviOS-SystemPackages-Removal'),
+  defenderRemoval(packageName: 'Revision-ReviOS-Defender-Removal');
+
+  const WinPackageType({
+    required this.packageName,
+  });
+
+  final String packageName;
+}
+
+class WinPackageService {
+  static const _instance = WinPackageService._private();
+  factory WinPackageService() => _instance;
+  const WinPackageService._private();
+
+  static final _networkService = NetworkService();
+  static final _shell = Shell();
+
+  static final cabPath =
+      p.join(Directory.systemTemp.path, 'Revision-Tool', 'CAB');
+  static const cbsPackagesRegPath =
+      r'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\';
+
+  bool checkPackageInstalled(final WinPackageType packageType) {
+    final String? key =
+        Registry.openPath(RegistryHive.localMachine, path: cbsPackagesRegPath)
+            .subkeyNames
+            .lastWhereOrNull(
+                (final element) => element.startsWith(packageType.packageName));
+
+    // installation codes - https://forums.ivanti.com/s/article/Understand-Patch-installation-failure-codes?language=en_US
+    return key != null &&
+        RegistryUtilsService.readInt(RegistryHive.localMachine,
+                cbsPackagesRegPath + key, 'CurrentState') !=
+            5;
+  }
+
+  Future<void> downloadPackage(final WinPackageType packageType) async {
+    final cabPath = p.join(Directory.systemTemp.path, 'Revision-Tool', 'CAB');
+    if (await Directory(cabPath).exists()) {
+      try {
+        await Directory(cabPath).delete(recursive: true);
+      } catch (e) {
+        stderr.writeln('Failed to delete CAB directory: $e');
+      }
+    }
+
+    final List<dynamic> assests = (await _networkService
+        .getGHLatestRelease(ApiEndpoints.cabPackages))['assets'];
+    String name = '';
+
+    final String downloadUrl = assests.firstWhereOrNull((final e) {
+      name = e['name'];
+      return name.startsWith("${packageType.packageName}31bf3856ad364e35") &&
+          name.contains(RegistryUtilsService.cpuArch);
+    })['browser_download_url'];
+
+    await _networkService.downloadFile(downloadUrl, "$cabPath\\$name");
+  }
+
+  Future<void> installPackage(final WinPackageType packageType) async {
+    if (!await File("$directoryExe\\cab-installer.ps1").exists()) {
+      throw 'cab-installer.ps1 not found in $directoryExe. Please ensure the file is present by reinstalling Revision Tool.';
+    }
+
+    // running it via TrustedInstaller causes 'Win32 internal error "Access is denied" 0x5 occurred while reading the console output buffer'
+    await _shell.run(
+        "powershell -EP Unrestricted -NoLogo -NonInteractive -NoP -File \"$directoryExe\\cab-installer.ps1\" -Path \"$cabPath\"");
+  }
+
+  Future<void> uninstallPackage(final WinPackageType packageType) async {
+    await _shell.run(
+        'PowerShell -NonInteractive -NoLogo -NoP -C "Get-WindowsPackage -Online -PackageName \'${packageType.packageName}*\' | Remove-WindowsPackage -Online -NoRestart"');
+  }
+}
