diff --git a/src/defender-control/defender-control.vcxproj b/src/defender-control/defender-control.vcxproj
index 4131436..60e39f9 100644
--- a/src/defender-control/defender-control.vcxproj
+++ b/src/defender-control/defender-control.vcxproj
@@ -143,10 +143,12 @@
+
+
diff --git a/src/defender-control/defender-control.vcxproj.filters b/src/defender-control/defender-control.vcxproj.filters
index 8441f13..560a9bd 100644
--- a/src/defender-control/defender-control.vcxproj.filters
+++ b/src/defender-control/defender-control.vcxproj.filters
@@ -19,6 +19,9 @@
{db30358b-f563-460e-92fb-eacafe3a68cb}
+
+ {0cabcba0-6285-4ad6-9295-add0563d0d48}
+
@@ -30,6 +33,9 @@
Source Files\defender-control\wmic
+
+ Source Files\defender-control\util
+
@@ -38,5 +44,8 @@
Source Files\defender-control\wmic
+
+ Source Files\defender-control\util
+
\ No newline at end of file
diff --git a/src/defender-control/main.cpp b/src/defender-control/main.cpp
index be6a94d..005aafd 100644
--- a/src/defender-control/main.cpp
+++ b/src/defender-control/main.cpp
@@ -14,12 +14,29 @@ int main()
"Windows defender is ACTIVE turning off..\n" :
"Windows defender is OFF turning on...\n");
+ //if (DCONTROL::check_defender())
+ // wmic::test_exec(true);
+ //else
+ // wmic::test_exec(false);
+
+ auto helper = new wmic::helper(
+ "Root\\Microsoft\\Windows\\Defender",
+ "MSFT_MpPreference",
+ "Set"
+ );
+
+ if (auto error = helper->get_last_error())
+ {
+ printf("Error has occured: %d", error);
+ system("pause");
+ return 1;
+ }
+
if (DCONTROL::check_defender())
- wmic::test_exec(true);
- else
- wmic::test_exec(false);
+ helper->execute_cmd("DisableRealtimeMonitoring", wmic::variant_type::t_bool, TRUE);
+ else
+ helper->execute_cmd("DisableRealtimeMonitoring", wmic::variant_type::t_bool, FALSE);
system("pause");
-
return 0;
}
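Review bot: `auto helper = new wmic::helper(...)` is never deleted on either path, so the destructor that releases the WMI interfaces and calls CoUninitialize never runs; a stack object does the same job with no leak: `wmic::helper helper("Root\\Microsoft\\Windows\\Defender", "MSFT_MpPreference", "Set");` with `helper.` in place of `helper->` at the three later uses. Nothing re-reads `helper.get_last_error()` after the `execute_cmd` calls, so a call that failed is still reported as success before `system("pause")`. The message in `printf("Error has occured: %d", error)` misspells "occurred" and has no trailing newline: `printf("Error has occurred: %d\n", error);`. main() begins before this hunk.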
diff --git a/src/defender-control/util.cpp b/src/defender-control/util.cpp
new file mode 100644
index 0000000..0557d88
--- /dev/null
+++ b/src/defender-control/util.cpp
@@ -0,0 +1,17 @@
+#include "util.hpp"
+
+namespace util
+{
+ std::wstring string_to_wide(const std::string& s)
+ {
+ std::wstring temp(s.length(), L' ');
+ std::copy(s.begin(), s.end(), temp.begin());
+ return temp;
+ }
+
+ std::string wide_to_string(const std::wstring& s) {
+ std::string temp(s.length(), ' ');
+ std::copy(s.begin(), s.end(), temp.begin());
+ return temp;
+ }
+}
\ No newline at end of file
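Review bot: `string_to_wide` and `wide_to_string` are byte-wise widen/narrow conversions, not UTF-8/UTF-16 transcoding: `std::copy` maps each `char` to one `wchar_t` and back, so any `wchar_t` above 0xFF is silently truncated by `wide_to_string`, and a multi-byte UTF-8 sequence given to `string_to_wide` becomes several unrelated code units. That is adequate for the ASCII namespace, class and method names this project passes, but the contract should be stated: I'd add `// ASCII-only: each byte becomes one wchar_t (no UTF-8 decoding).` above the first function and `// ASCII-only: each wchar_t is truncated to one char.` above the second. `std::copy` needs `<algorithm>`, which this file does not include directly; the `#include` line in util.hpp shows no header name in this rendering, so I cannot tell whether it supplies that or `<string>` for `std::wstring`.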
diff --git a/src/defender-control/util.hpp b/src/defender-control/util.hpp
new file mode 100644
index 0000000..3b96b7d
--- /dev/null
+++ b/src/defender-control/util.hpp
@@ -0,0 +1,8 @@
+#pragma once
+#include
+
+namespace util
+{
+ std::wstring string_to_wide(const std::string& s);
+ std::string wide_to_string(const std::wstring& s);
+}
diff --git a/src/defender-control/wmic.cpp b/src/defender-control/wmic.cpp
index a50ee93..e2eb661 100644
--- a/src/defender-control/wmic.cpp
+++ b/src/defender-control/wmic.cpp
@@ -6,11 +6,20 @@
namespace wmic
{
- // function to test getting executing a command
- //
- bool test_exec(BOOL toggle)
+ helper::helper(std::string wnamespace, std::string wclass, std::string wmethod)
{
- HRESULT hres;
+ // Initialize
+ //
+ last_error = 0;
+ hres = 0;
+ loc_ptr = nullptr;
+ service_ptr = nullptr;
+ class_ptr = nullptr;
+ param_def_ptr = nullptr;
+ class_inst_ptr = nullptr;
+
+ method_name = SysAllocString(util::string_to_wide(wmethod).c_str());
+ class_name = SysAllocString(util::string_to_wide(wclass).c_str());
// Setup COM library
//
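Review bot: The constructor takes `wnamespace`, `wclass` and `wmethod` by value although each is only read (`.c_str()` or passed to `string_to_wide`), so `const std::string&` avoids three copies. The seven `= nullptr` / `= 0` assignments belong on the member declarations in wmic.hpp as in-class initializers (`IWbemServices* service_ptr = nullptr;` and so on), which also keeps `get_last_error()` meaningful if a future constructor forgets one. The `SysAllocString` results stored in `method_name` and `class_name` are not checked for `nullptr`. The constructor body continues past this hunk.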
@@ -18,12 +27,10 @@ namespace wmic
if (FAILED(hres))
{
- std::cout << "Failed to initialize COM. Error code = 0x"
- << std::hex << hres << std::endl;
- return false;
+ last_error = 1;
+ return;
}
-
// Setup general security levels
//
hres = CoInitializeSecurity(
@@ -40,49 +47,39 @@ namespace wmic
if (FAILED(hres))
{
- std::cout << "Failed to initialize security. Error code = 0x"
- << std::hex << hres << std::endl;
+ last_error = 2;
CoUninitialize();
- return false;
+ return;
}
// Obtain locator for wmi
//
- IWbemLocator* loc_ptr = nullptr;
-
hres = CoCreateInstance(CLSID_WbemLocator, 0,
CLSCTX_INPROC_SERVER,
IID_IWbemLocator, (LPVOID*)&loc_ptr);
if (FAILED(hres))
{
- std::cout << "Failed to create IWbemLocator object."
- << " Err code = 0x"
- << std::hex << hres << std::endl;
+ last_error = 3;
CoUninitialize();
- return false;
+ return;
}
// Connect to wmi with IbwemLocator::ConnectServer
//
- IWbemServices* service_ptr = nullptr;
-
hres = loc_ptr->ConnectServer(
- _bstr_t("root\\Microsoft\\Windows\\Defender"),
+ _bstr_t(wnamespace.c_str()),
0, 0, 0, 0, 0, 0, &service_ptr
);
if (FAILED(hres))
{
- std::cout << "Could not connect. Error code = 0x"
- << std::hex << hres << std::endl;
+ last_error = 4;
loc_ptr->Release();
CoUninitialize();
- return false;
+ return;
}
- std::cout << "Connected to root/Microsoft/Windows/Defender namespace" << std::endl;
-
// Set security levels for the proxy
//
hres = CoSetProxyBlanket(
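Review bot: The error path for `last_error = 4` (and the one for `5` in the next hunk) calls `loc_ptr->Release()` / `service_ptr->Release()` and `CoUninitialize()` but leaves the members non-null, while the destructor in the `@@ -177` hunk still does `if (service_ptr) service_ptr->Release();` and an unconditional `CoUninitialize()`; a helper that failed construction and is later destroyed releases the same interface twice and unbalances COM on the thread. Either null each pointer right after releasing it (`loc_ptr->Release(); loc_ptr = nullptr;`) or, simpler, drop the manual cleanup from these early returns and let the destructor do it, which then only needs a guard around `CoUninitialize()` for the `last_error = 1` case. The constructor begins in the `@@ -6` hunk and ends in the `@@ -98` hunk.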
@@ -98,67 +95,22 @@ namespace wmic
if (FAILED(hres))
{
- std::cout << "Could not set proxy blanket. Error code = 0x"
- << std::hex << hres << std::endl;
+ last_error = 5;
service_ptr->Release();
loc_ptr->Release();
CoUninitialize();
- return false;
+ return;
}
- // Make requests to the WMI
+ // Setup WMI request
//
- BSTR method_name = SysAllocString(L"Set");
- BSTR class_name = SysAllocString(L"MSFT_MpPreference");
-
- IWbemClassObject* class_ptr = nullptr;
hres = service_ptr->GetObjectA(class_name, 0, 0, &class_ptr, 0);
-
- IWbemClassObject* param_def_ptr = nullptr;
hres = class_ptr->GetMethod(method_name, 0, ¶m_def_ptr, 0);
-
- IWbemClassObject* class_inst_ptr = nullptr;
hres = param_def_ptr->SpawnInstance(0, &class_inst_ptr);
+ }
- // Create values for in parameter
- //
- VARIANT var_cmd;
- var_cmd.vt = VT_BOOL;
- var_cmd.boolVal = toggle;
-
- // Store the value for the parameters
- //
- hres = class_inst_ptr->Put(L"DisableRealtimeMonitoring", 0,
- &var_cmd, 0);
-
- std::cout << "executing DisableRealtimeMonitoring" << std::endl;
-
- // Execute
- //
- IWbemClassObject* pOutParams = nullptr;
- hres = service_ptr->ExecMethod(class_name, method_name, 0,
- 0, class_inst_ptr, &pOutParams, 0);
-
- if (FAILED(hres))
- {
- std::cout << "Could not execute method. Error code = 0x"
- << std::hex << hres << std::endl;
- VariantClear(&var_cmd);
- SysFreeString(class_name);
- SysFreeString(method_name);
- class_ptr->Release();
- class_inst_ptr->Release();
- param_def_ptr->Release();
- pOutParams->Release();
- service_ptr->Release();
- loc_ptr->Release();
- CoUninitialize();
- return false;
- }
-
- // Clean up
- //
- VariantClear(&var_cmd);
+ helper::~helper()
+ {
SysFreeString(class_name);
SysFreeString(method_name);
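Review bot: The three WMI calls that finish the constructor — `GetObjectA`, `GetMethod` and `SpawnInstance` — assign `hres` but never test it, so a failed `GetObjectA` leaves `class_ptr` null and the next line dereferences it; even when that is avoided, `last_error` stays 0 and the caller's `get_last_error()` check passes with a null `class_inst_ptr` for `execute_cmd` to use. Each call needs a `FAILED(hres)`/null guard that records a distinct code and returns, leaving release of whatever was obtained to the destructor (its middle, where `class_ptr`, `param_def_ptr` and `class_inst_ptr` would be released, is outside this diff, so I am assuming it guards them the way it guards `service_ptr`). `¶m_def_ptr` on the `GetMethod` line appears to be an HTML-entity rendering of `&param_def_ptr`. The constructor starts in the `@@ -6` hunk; `~helper` starts here and ends in the next hunk.
```cpp
    hres = service_ptr->GetObjectA(class_name, 0, 0, &class_ptr, 0);
    if (FAILED(hres) || !class_ptr)
    {
        last_error = 7; // constructed code: 1-5 are used above, 6 by execute_cmd
        return;
    }

    hres = class_ptr->GetMethod(method_name, 0, &param_def_ptr, 0);
    if (FAILED(hres) || !param_def_ptr)
    {
        last_error = 8; // constructed code
        return;
    }

    hres = param_def_ptr->SpawnInstance(0, &class_inst_ptr);
    if (FAILED(hres) || !class_inst_ptr)
    {
        last_error = 9; // constructed code
        return;
    }
}
```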
@@ -177,106 +129,15 @@ namespace wmic
if (service_ptr)
service_ptr->Release();
- if (pOutParams)
- pOutParams->Release();
-
CoUninitialize();
-
- return true;
}
- helper::helper(std::string wnamespace, std::string wclass)
+ // Return the last error
+ //
+ int helper::get_last_error()
{
- // Initialize
- //
- last_error = 0;
- hres = 0;
- loc_ptr = nullptr;
- service_ptr = nullptr;
-
- // Setup COM library
- //
- hres = CoInitializeEx(0, COINIT_MULTITHREADED);
-
- if (FAILED(hres))
- {
- last_error = 1;
- return;
- }
-
- // Setup general security levels
- //
- hres = CoInitializeSecurity(
- NULL,
- -1, // COM authentication
- NULL, // Authentication services
- NULL, // Reserved
- RPC_C_AUTHN_LEVEL_DEFAULT, // Default authentication
- RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation
- NULL, // Authentication info
- EOAC_NONE, // Additional capabilities
- NULL // Reserved
- );
-
- if (FAILED(hres))
- {
- last_error = 2;
- CoUninitialize();
- return;
- }
-
- // Obtain locator for wmi
- //
-
- hres = CoCreateInstance(CLSID_WbemLocator, 0,
- CLSCTX_INPROC_SERVER,
- IID_IWbemLocator, (LPVOID*)&loc_ptr);
-
- if (FAILED(hres))
- {
- last_error = 3;
- CoUninitialize();
- return;
- }
-
- // Connect to wmi with IbwemLocator::ConnectServer
- //
- hres = loc_ptr->ConnectServer(
- _bstr_t(wnamespace.c_str()),
- 0, 0, 0, 0, 0, 0, &service_ptr
- );
-
- if (FAILED(hres))
- {
- last_error = 4;
- loc_ptr->Release();
- CoUninitialize();
- return;
- }
-
- // Set security levels for the proxy
- //
- hres = CoSetProxyBlanket(
- service_ptr, // Indicates the proxy to set
- RPC_C_AUTHN_WINNT, // RPC_C_AUTHN_xxx
- RPC_C_AUTHZ_NONE, // RPC_C_AUTHZ_xxx
- NULL, // Server principal name
- RPC_C_AUTHN_LEVEL_CALL, // RPC_C_AUTHN_LEVEL_xxx
- RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
- NULL, // client identity
- EOAC_NONE // proxy capabilities
- );
-
- if (FAILED(hres))
- {
- service_ptr->Release();
- loc_ptr->Release();
- CoUninitialize();
- return;
- }
+ return last_error;
}
- helper::~helper()
- {
- }
+
}
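Review bot: `~helper` calls `CoUninitialize()` unconditionally, including when the constructor returned at `last_error = 1` because `CoInitializeEx` itself failed, which unbalances COM for the calling thread; a `bool com_initialized` member set right after the successful `CoInitializeEx` and tested here (`if (com_initialized) CoUninitialize();`) fixes it. `get_last_error()` mutates nothing and should be declared `int get_last_error() const;` in wmic.hpp and defined `const` here. Since the `std::cout` diagnostics were removed, the failing `HRESULT` is now kept in `hres` but never exposed; a companion `HRESULT get_last_hresult() const { return hres; }` would let main print it as `0x%08lx` instead of only the small code. The destructor begins in the previous hunk.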
diff --git a/src/defender-control/wmic.hpp b/src/defender-control/wmic.hpp
index b0ce745..f971024 100644
--- a/src/defender-control/wmic.hpp
+++ b/src/defender-control/wmic.hpp
@@ -7,23 +7,94 @@
#include
#pragma comment(lib, "wbemuuid.lib")
+#include "util.hpp"
+
namespace wmic
{
- // function to test getting executing a command
- //
- bool test_exec(BOOL toggle);
+ enum class variant_type : int
+ {
+ t_bool,
+ t_bstr,
+ t_uint8,
+ t_uint32
+ };
class helper
{
int last_error;
HRESULT hres;
+
IWbemServices* service_ptr;
IWbemLocator* loc_ptr;
+ IWbemClassObject* class_ptr;
+ IWbemClassObject* param_def_ptr;
+ IWbemClassObject* class_inst_ptr;
+
+ BSTR method_name;
+ BSTR class_name;
public:
- helper(std::string wnamespace, std::string wclass);
+
+ helper(std::string wnamespace, std::string wclass, std::string wmethod);
~helper();
+
+ // Return the last error
+ //
+ int get_last_error();
+
+ // Execute WMI set function
+ //
+ template
+ void execute_cmd(std::string variable, variant_type type, T value)
+ {
+ // Create values for in parameter
+ //
+ VARIANT var_cmd;
+
+ switch (type)
+ {
+ case variant_type::t_bstr:
+ var_cmd.vt = VT_BSTR;
+ var_cmd.bstrVal = _bstr_t(value);
+ break;
+
+ case variant_type::t_bool:
+ var_cmd.vt = VT_BOOL;
+ var_cmd.boolVal = value;
+ break;
+
+ case variant_type::t_uint8:
+ var_cmd.vt = VT_UI1;
+ var_cmd.uintVal = value;
+ break;
+
+ case variant_type::t_uint32:
+ var_cmd.vt = VT_UI4;
+ var_cmd.uintVal = value;
+
+ default:
+ last_error = 6;
+ return;
+ }
+
+ // Store the value for the parameters
+ //
+ hres = class_inst_ptr->Put(util::string_to_wide(variable).c_str(), 0, &var_cmd, 0);
+
+ // Execute
+ //
+ IWbemClassObject* pOutParams = nullptr;
+ hres = service_ptr->ExecMethod(class_name, method_name, 0,
+ 0, class_inst_ptr, &pOutParams, 0);
+
+ // Cleanup
+ //
+ VariantClear(&var_cmd);
+
+ if (pOutParams)
+ pOutParams->Release();
+ }
};
}
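Review bot: `case variant_type::t_uint32:` in `execute_cmd` has no `break`, so a `t_uint32` request falls into `default`, sets `last_error = 6` and returns without executing anything. In the `t_bstr` case `var_cmd.bstrVal = _bstr_t(value)` stores a BSTR owned by a temporary that is freed at the end of that statement, so `Put` sees a dangling pointer and `VariantClear` later frees it a second time; `_bstr_t(value).Detach()` hands ownership to the VARIANT instead. `var_cmd` is never `VariantInit`ed, `t_uint8` writes `uintVal` instead of `bVal` for `VT_UI1` (and `VT_UI4` pairs with `ulVal`), `VT_BOOL` expects `VARIANT_TRUE`/`VARIANT_FALSE` rather than the `TRUE` main passes, and neither the `Put` nor the `ExecMethod` result is checked, so those failures are invisible to `get_last_error()`. Because every `case` is instantiated for each `T`, a `t_bstr` call with a string value only compiles if `boolVal = value` happens to be convertible; `if constexpr` on `T` or one overload per type would make that explicit. The class owns six raw COM/BSTR handles but does not delete copying, so a copy would double-release: add `helper(const helper&) = delete; helper& operator=(const helper&) = delete;`.
```cpp
template <typename T>
void execute_cmd(std::string variable, variant_type type, T value)
{
    VARIANT var_cmd;
    VariantInit(&var_cmd);

    switch (type)
    {
    case variant_type::t_bstr:
        var_cmd.vt = VT_BSTR;
        var_cmd.bstrVal = _bstr_t(value).Detach(); // VariantClear now owns the BSTR
        break;

    case variant_type::t_bool:
        var_cmd.vt = VT_BOOL;
        var_cmd.boolVal = value ? VARIANT_TRUE : VARIANT_FALSE;
        break;

    case variant_type::t_uint8:
        var_cmd.vt = VT_UI1;
        var_cmd.bVal = value;
        break;

    case variant_type::t_uint32:
        var_cmd.vt = VT_UI4;
        var_cmd.ulVal = value;
        break;

    default:
        last_error = 6;
        return;
    }

    hres = class_inst_ptr->Put(util::string_to_wide(variable).c_str(), 0, &var_cmd, 0);
    if (FAILED(hres))
    {
        last_error = 7; // constructed code: 1-6 are already used
        VariantClear(&var_cmd);
        return;
    }

    IWbemClassObject* pOutParams = nullptr;
    hres = service_ptr->ExecMethod(class_name, method_name, 0,
        0, class_inst_ptr, &pOutParams, 0);
    if (FAILED(hres))
        last_error = 8; // constructed code

    // … unchanged: VariantClear and pOutParams release …
}
```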