|
|
|
@ -2,6 +2,11 @@
|
|
|
|
|
|
|
|
|
|
namespace REG
|
|
|
|
|
{
|
|
|
|
|
void init_key(DWORD* a1)
|
|
|
|
|
{
|
|
|
|
|
*a1 = -2147483646;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// reads a key from HKEY_LOCAL_MACHINE
|
|
|
|
|
//
|
|
|
|
|
DWORD read_key(const wchar_t* root_name, const wchar_t* value_name, uint32_t flags)
|
|
|
|
@ -16,6 +21,12 @@ namespace REG
|
|
|
|
|
// KEY_ALL_ACCESS to access
|
|
|
|
|
// but we only need to read for this call
|
|
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
|
HKEY temp{};
|
|
|
|
|
HKEY phkResult;
|
|
|
|
|
RegConnectRegistryW(0, temp, &phkResult);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
status = RegOpenKeyExW(
|
|
|
|
|
HKEY_LOCAL_MACHINE,
|
|
|
|
|
root_name,
|
|
|
|
@ -59,153 +70,201 @@ namespace REG
|
|
|
|
|
{
|
|
|
|
|
LSTATUS status;
|
|
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
|
HKEY temp{};
|
|
|
|
|
HKEY phkResult;
|
|
|
|
|
RegConnectRegistryW(0, temp, &phkResult);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
|
// 0x20119 or 131353
|
|
|
|
|
status = RegOpenKeyExW(
|
|
|
|
|
HKEY_LOCAL_MACHINE,
|
|
|
|
|
root_name,
|
|
|
|
|
0,
|
|
|
|
|
KEY_ALL_ACCESS | KEY_WOW64_64KEY,
|
|
|
|
|
131353,
|
|
|
|
|
&hkey
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (!status)
|
|
|
|
|
if (status == ERROR_SUCCESS)
|
|
|
|
|
{
|
|
|
|
|
std::wcout << "Successfully opened " << root_name << std::endl;
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
//[RegCreateKeyExW]
|
|
|
|
|
//hKey: 80000002
|
|
|
|
|
//lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
|
|
|
|
//lpClass:
|
|
|
|
|
//samDesired: 131334
|
|
|
|
|
//Reserved: 0
|
|
|
|
|
//lpSecurityAttributes: 00000000
|
|
|
|
|
//dwOptions: 0
|
|
|
|
|
//lpdwDisposition: 008BF04C
|
|
|
|
|
|
|
|
|
|
DWORD dwDisposition;
|
|
|
|
|
|
|
|
|
|
status = RegCreateKeyExW(
|
|
|
|
|
HKEY_LOCAL_MACHINE,
|
|
|
|
|
root_name,
|
|
|
|
|
0, 0,
|
|
|
|
|
REG_OPTION_NON_VOLATILE,
|
|
|
|
|
KEY_ALL_ACCESS, 0,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
0,
|
|
|
|
|
131334,
|
|
|
|
|
0,
|
|
|
|
|
&hkey,
|
|
|
|
|
0
|
|
|
|
|
&dwDisposition
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (status)
|
|
|
|
|
{
|
|
|
|
|
std::cout << "could not find or create " << root_name << std::endl;
|
|
|
|
|
std::wcout << "could not find or create " << root_name << " error: " << status << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
|
std::cout << "disposition: " << dwDisposition << std::endl;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool set_keyval(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
|
|
|
|
{
|
|
|
|
|
if (RegSetValueExW(hkey, value_name, 0, REG_DWORD,
|
|
|
|
|
reinterpret_cast<LPBYTE>(&value), sizeof(DWORD)))
|
|
|
|
|
auto ret = RegSetValueExW(hkey, value_name, 0, REG_DWORD,
|
|
|
|
|
reinterpret_cast<LPBYTE>(&value), 4);
|
|
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
|
{
|
|
|
|
|
std::cout << "Set error: " << ret << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool set_keyval_bin(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
|
|
|
|
{
|
|
|
|
|
if (RegSetValueExW(hkey, value_name, 0, REG_BINARY,
|
|
|
|
|
reinterpret_cast<LPBYTE>(&value), sizeof(DWORD)))
|
|
|
|
|
auto ret = RegSetValueExW(hkey, value_name, 0, REG_BINARY,
|
|
|
|
|
reinterpret_cast<LPBYTE>(&value), 12);
|
|
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
|
{
|
|
|
|
|
std::cout << "Set error: " << ret << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
namespace DCONTROL
|
|
|
|
|
{
|
|
|
|
|
char sub_43604B()
|
|
|
|
|
{
|
|
|
|
|
char v0; // bl
|
|
|
|
|
SC_HANDLE v1; // eax
|
|
|
|
|
SC_HANDLE v2; // esi
|
|
|
|
|
void* v3; // eax
|
|
|
|
|
|
|
|
|
|
v0 = 0;
|
|
|
|
|
v1 = OpenSCManagerW(0, 0, 8u);
|
|
|
|
|
v2 = v1;
|
|
|
|
|
if (v1)
|
|
|
|
|
{
|
|
|
|
|
v3 = LockServiceDatabase(v1);
|
|
|
|
|
if (v3)
|
|
|
|
|
{
|
|
|
|
|
UnlockServiceDatabase(v3);
|
|
|
|
|
CloseServiceHandle(v2);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if (GetLastError() == 1055)
|
|
|
|
|
v0 = 1;
|
|
|
|
|
CloseServiceHandle(v2);
|
|
|
|
|
}
|
|
|
|
|
return v0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// disables window defender
|
|
|
|
|
//
|
|
|
|
|
bool disable_defender()
|
|
|
|
|
{
|
|
|
|
|
// create DisableRealtimeMonitoring if it does not exist then set value to 1
|
|
|
|
|
// [RegCreateKeyExW]
|
|
|
|
|
// lpSubKey: SOFTWARE\Policies\Microsoft\Windows Defender
|
|
|
|
|
// [RegSetValueExW]
|
|
|
|
|
// lpValueName: DisableAntiSpyware
|
|
|
|
|
// [RegCreateKeyExW]
|
|
|
|
|
// lpSubKey: SOFTWARE\Microsoft\Windows Defender
|
|
|
|
|
// [RegCreateKeyExW]
|
|
|
|
|
// lpSubKey: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
|
|
|
|
// [RegCreateKeyExW]
|
|
|
|
|
// lpSubKey: SYSTEM\CurrentControlSet\Services\WinDefend
|
|
|
|
|
// [RegSetValueExW]
|
|
|
|
|
// lpValueName: Start
|
|
|
|
|
// [RegOpenKeyExW]
|
|
|
|
|
// lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
|
|
|
|
// [RegQueryValueExW]
|
|
|
|
|
// lpValueName: SecurityHealth
|
|
|
|
|
// [RegCreateKeyExW]
|
|
|
|
|
// lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
|
|
|
|
// [RegSetValueExW]
|
|
|
|
|
// lpValueName: SecurityHealth
|
|
|
|
|
// [RegOpenKeyExW]
|
|
|
|
|
// lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
|
|
|
|
// [RegEnumValueW]
|
|
|
|
|
// lpValueName: SecurityHealth
|
|
|
|
|
// [RegOpenKeyExW]
|
|
|
|
|
// lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
|
|
|
|
// [RegQueryValueExW]
|
|
|
|
|
// lpValueName: DisableRealtimeMonitoring
|
|
|
|
|
if (!sub_43604B())
|
|
|
|
|
{
|
|
|
|
|
std::cout << "permission error" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
HKEY hkey;
|
|
|
|
|
|
|
|
|
|
// SecurityHealth
|
|
|
|
|
// DisableAntiSpyware
|
|
|
|
|
{
|
|
|
|
|
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", hkey))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to access CurrentVersion" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (!REG::create_registry(L"SOFTWARE\\Policies\\Microsoft\\Windows Defender", hkey))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to access Policies" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!REG::set_keyval_bin(hkey, L"SecurityHealth", 3))
|
|
|
|
|
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to write to SecurityHealth" << std::endl;
|
|
|
|
|
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Start (3 off) (2 on)
|
|
|
|
|
{
|
|
|
|
|
if (!REG::create_registry(L"SYSTEM\\CurrentControlSet\\Services\\WinDefend", hkey))
|
|
|
|
|
#if 0
|
|
|
|
|
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender", hkey))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to access CurrentControlSet" << std::endl;
|
|
|
|
|
std::cout << "failed to access Windows Defender" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!REG::set_keyval(hkey, L"Start", 3))
|
|
|
|
|
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to write to Start" << std::endl;
|
|
|
|
|
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DisableAntiSpyware
|
|
|
|
|
// Start (3 off) (2 on)
|
|
|
|
|
{
|
|
|
|
|
if (!REG::create_registry(L"SOFTWARE\\Policies\\Microsoft\\Windows Defender", hkey))
|
|
|
|
|
if (!REG::create_registry(L"SYSTEM\\CurrentControlSet\\Services\\WinDefend", hkey))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to access Policies" << std::endl;
|
|
|
|
|
std::cout << "failed to access CurrentControlSet" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
|
|
|
|
if (!REG::set_keyval(hkey, L"Start", 3))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
|
|
|
|
std::cout << "failed to write to Start" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender", hkey))
|
|
|
|
|
std::cout << "Wrote to Start" << std::endl;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// SecurityHealth
|
|
|
|
|
{
|
|
|
|
|
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", hkey))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to access Windows Defender" << std::endl;
|
|
|
|
|
std::cout << "failed to access CurrentVersion" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
|
|
|
|
if (!REG::set_keyval_bin(hkey, L"SecurityHealth", 3))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
|
|
|
|
std::cout << "failed to write to SecurityHealth" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::cout << "Wrote to SecurityHealth" << std::endl;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
|
// DisableRealtimeMonitoring
|
|
|
|
|
{
|
|
|
|
|
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection", hkey))
|
|
|
|
@ -219,6 +278,7 @@ namespace DCONTROL
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|